Merge pull request #472 from genebean/bigboy-again

Bigboy again

.sops.yaml

@@ -1,5 +1,6 @@
 ---
 keys:
+  - &system_bigboy age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
   - &system_hetznix01 age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
   - &system_hetznix02 age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
   - &system_nixnas1 age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
@@ -8,8 +9,11 @@ keys:
   - &user_airpuppet age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
   - &user_blue_rock age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
   - &user_mightymac age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
-  - &user_mini_watcher age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
 creation_rules:
+  - path_regex: bigboy/secrets.yaml$
+    key_groups:
+      - age:
+          - *system_bigboy
   - path_regex: hetznix01/secrets.yaml$
     key_groups:
       - age:
@@ -42,13 +46,10 @@ creation_rules:
     key_groups:
       - age:
           - *user_mightymac
-  - path_regex: mini-watcher/secrets.yaml$
-    key_groups:
-      - age:
-          - *user_mini_watcher
   - path_regex: modules/hosts/common/secrets.yaml$
     key_groups:
       - age:
+          - *system_bigboy
           - *system_hetznix01
           - *system_hetznix02
           - *system_nixnas1
@@ -57,6 +58,4 @@ creation_rules:
           - *user_airpuppet
           - *user_blue_rock
           - *user_mightymac
-          - *user_mini_watcher
-
 

modules/hosts/common/secrets.yaml

@@ -9,86 +9,86 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
+        - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoNUNVVVk4NVZPTU93bE53
+            OXRjY2U1R0JFU1hBQU9LU2RmazhVUG92R0RZClF3RXREaFNidjBlZDNRQW9jcWFY
+            dStPSHV4RS9PQnZ2RFo1NW8zQ2NYT0EKLS0tIHcyVFRRU09SeFQzOC82dHh5WXZl
+            OTRYOEwxWWkybE9GcndhOEt1VW1Cc0kK3aoH7yrC/Vc98RqzAicwkGKZKiTx5dMl
+            6cPFziBIQv03N06vN60eLbBXUMgrT/21Cn/Np79PLzYJ/K/i9Tt4Qg==
+            -----END AGE ENCRYPTED FILE-----
         - recipient: age1rd55wsu0hhvxk25tm69d9h57z0z0u6556x4ypg09muj3vh4yqs5qaw23nu
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bUFtRmZja1ZVK1Blbnk3
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKblc4TGk4d0hxdW9MREJQ
-            Q0h6cVBNU0t0K1puY1ZIbUVjMmhpSTdVMjFFCms1WE9ZQ3U2b0Q5bysvQlQxT0ty
+            a2UyWmxSTUZOUUlURHY1eDB1LzRDQUxmRFJ3CkpRak9mVTd5bGxjZnJYQlhBSWpw
-            QjhMTFkyUFB3UlUyb0dla1lvM1laZlUKLS0tIGlBTyt2b0hhNkRsa2t6ajBxa1U5
+            ditqemZ5QnNJbEJ0WWJneHM3NkN3SkkKLS0tIHlDT1VyNCtSejRjd1RSZGM4ZzMx
-            UGtrYk43S1FqZUlvT0tOcnlJVXg0TzQKnaloZ21vCJUFpg7kg7A/FkXGhEyKHfbv
+            V2d5ZTRkRURRc0huT1k5Y0VNZGVMWWMKn9BnIg+vehG2Nxea2Jz3JMqrPwpNGXuP
-            GJ6bHLWzgH6Dr78lJoNjwvXdz2Ypld1Rk7ELxU55kxSuBKMIX5e0NQ==
+            9GU3kbk/ldviqLjqRGmvZR8KiOnazX7AdV/x/c0dO/nfckeKVZ1sAA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age180w4c04kga07097u0us6d72aslnv2523hx64x8fzgzu4tccrxuyqa50hpm
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VWlqS1VkeWh1WnFDeVd6
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4N1NkU04xY1JZVG5WRThV
-            dENWTHZmR2x3RXZTSlhUbmdabE9jU1FuV1EwCkh4ekZzS0ZnbVhVcEhoMUFUUzNG
+            Um5pV3RzZG9UcmZHZk5FUDl4Ni9KbmJLTFFjCmJXcHVORll0eko1bmxDUFhHYVpz
-            cXhMMlZ3b0ZqWjFRTnJPc0VHNVIxMlkKLS0tIGlaOWhPdmJTV21jdWVhWHp6K21T
+            Z1RpdUIzM1lUV3Z3VGU1emdTbmpEWDAKLS0tIC96TFZRMkdHQ255VjZGcVdKcmJD
-            Wk84YWlWeGE3S09ZU0dEeXNYYVZ0dmMKcbtPczNboSE2q23B/1DBsE/wlpyOXcp6
+            UWExNWozT2h1TDZ0YmtuWldCeXhEV1EK/v+GJ7eKgpQE1dysCD0dt+ildshnkPqB
-            GFpwHvG19JyuTTBanXdimMTycrmaBZtQkyjhKT267Ap9hADVStlOZg==
+            j1tqYcnHysXYoQSLUzCADK2Fo7tJ1BC7e4N7C0wZMXZ1B6FkO8GrrA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1g4h5a4f5xfle2a6np8te342pphs3mcuan60emz2zp87nrwjzl5yquhr5vl
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQaUVlZnBkeDIvZlZHRHZa
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQnZzNnYrb1hTYUtUWits
-            OGVjM3NwUUtkTmd5ZlJlanpNWFMzekFwQzBFCnJQeThwbzNhUVNTRmVKNGxvRDBM
+            V3lETXpZODMyN3M4R3B4VHpwMytOamVFM2dZCnl3dmxUWWJYOFdnRFZZVXROWnNn
-            OTlYL1lnenpTUk41YnVCdnlHMzU5RTgKLS0tIHdmODhCUW95WW1DZTduOFkzdGVN
+            RjlkdHMyalBaRU5VczhKWEU2dEtFT3cKLS0tIHFOMDJRRVY4dVFjQTV5YWFzZDRr
-            bHZIYitEdktkdG5yYUVXL3puV2xxNG8KRJGCGOfQIkh5HIlhU+KOWmyxOI4iEwE5
+            K2orYzVra3V0OEtROU5ma25jaHJkTjQKdHeDC7b+6zTmClpVOOXTbAcK38ADx6TN
-            hPpeafdtQIeYUPxRZ9LYapXxryjvm0smwgU1sAww7h6rk7pOuhKCGQ==
+            HkyIcASUaC/HqpTSTvXT3OYUE8edQdUAC7Z9wYLTgrxTVZRCTtTzLQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhc0YwWlA2Nko3dTgwcFF5
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZTZRZmRCL0NRVFJTSjVT
-            UkVpdHBGanRzYnQ0ZFVFNzg0eHpYQkQzMVc0CjR1NnNwa0RkbGMycGRIK1lKVnVn
+            WmUyRXExZU5pMzY1SEV0dThjc0hvSXVXdEhjClBLZENteEhvOEF6T0ZqaHA3TE5k
-            cXBURFl2WTNxSlV3ZUFnemhMYnNFVDgKLS0tIEVrQVNXZDFuODg3NytuZ3gwcWxY
+            Sko0Y1lKSjdaWTF4amNvc1VJTXkzdDQKLS0tIFNHRnhYQjB2MXdxcmNDREZLdkov
-            TFpmZFJEWWFlQWdZUlNxaE1ETXdzTlkKMNVpzuDykFeSoZ5zDLsswdNfTjEjYLPl
+            dWxkN3dzanY2TVNPelZFMXpvMTFyUm8KTwij5ubszireukfKqKPEKB8kELS82ld+
-            p8rffgia2ixVMGhGEHBZKGo6ST3+aeYNhzB2qaLMP8Dj8Jqs1+P+Ng==
+            UqDDPu6x7uNT+D9UV5nk4l4zzox5pmxuBxziz4RcTVYCHmhjtVSh7A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzd0JxcSt3WWg0aFloREZu
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpT21zMzRCMXpVOStBbEJO
-            RldneXFYTjl1U014RXhZQXVxTzBBMkpwbmhrClJ5TmFUMXhCWGY5TVNzazVzczEz
+            UlVBdVNRTmkzSjNpRzQrYlExRnVPU3FVM1FzCk11RFVsdVBRMWUxeUFyS1FqckhZ
-            U3FYOCtyZE9KNmR0dzZ3UUxkaEVQREkKLS0tIHlsaVd5WDUzWWVoWVYzZ3ZVSVcw
+            cndkQktqRTEvNUFrQ3lEa1B3T0V6a2cKLS0tIEtWRXB1Z3hyZjczS0VMZ0I0cFRZ
-            VDkvQWViUDdVY045dmRrMjRtMjhFWjAKCoBQXpY1wjNqQIYDB14sA3IEKqSZsJBH
+            N3RiR3ZTcFVvUFJlbTFiVS9OOElOd1EKy1tuLTMr+0EB0ZcgOMz8INbhFMUbyfme
-            POi1HhW1sxc8SKnJ/ZJX0dir9/KMRcUZO5u/7I+hqe/W5014kOD3+Q==
+            NByTM4lrHsOvt1mO6ts+Ug3UWy0KSqE1RQI5XZIU0jsA36z+ISM6tg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZTlnS0p5V2oxQnVoRUJt
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeWhOT0pZb1hyOVp6cG1n
-            R3JrYXBSbEloMk9EZ1JEL1ZKT3Nobk9ycEdBCnMySkpYVzNsS1VIWFA3Ui9vQzR3
+            b1c1RFJWNUFKSVYremo4TngxcHlEaUlWM1I4CkVzSjZKeGFiTHdTamQrYlg5UGxy
-            RWppUElDLzRTc0lUbVpOR0NjSlVJUWcKLS0tIER1QVZzcmZ1WmlVNmtoaUMrR2Nx
+            UVh1ZlVWeFFkQk9oeG5BUDAyTlNlQWcKLS0tIGRKSmhkRGVCWnJkRVFXMjBaQm9K
-            VkVxa2Ztc3dVVjltSDd0TzVtN2l1SGsKU4Ipyi2EsnglhEF/pZEKprvI/Bb4eocL
+            enhPTnBQVjFQSk80UzNvUm1iL0xjMEEKtsMPvSTm+j6FxZbtdxKEBmRsYwXgDQZH
-            oGsYMOyahIMkcFVai+7R74MC+y9GdCklnDVGuVZjaIc2pylzmP6Acg==
+            FUXkJLpNFVJVNLRHb8WKfLQaf2xR+tJmNZ0KM8GueHE9ft4q7gxCRA==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTkZVbWNkcktyUDNKZDJM
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6UWV3VXVla1M0anREbVNU
-            VW1DUElwTGVucXlTUEtVb0hUM2ltbm10M0hNCjNyVzBmTUpGWHV1UkZwdkhMM0pw
+            MUVRa3FaeHN2WHU2ZjR2cnNlUXRHVVQ1TkVRCmpjTk5nTmJIaU5nRDNheWc5ZDUx
-            ZE5VMTBVRHlSNUNvdWUzM0NhTG00LzAKLS0tIDRYSFFWV2tPMW9MQndjV0ZzY0lr
+            L0wvSVVRQ3A3YS94U3ZpbWFieHJVUG8KLS0tIHpuUFNNOWhlTHRhVHJFdE9tMGJt
-            WXFMb0xUYUZiY2NLUmh4S1U3b29SNUEKKghGvX5G9jfOlEFYsRVSE3lLKCaKpz+F
+            c3pmMmlGd0JQV3ptdzlmZDhDY2FGeU0KutCMMR1irGAlD/xYxUGyqj0uXBoChSJL
-            AoglIjgdaQTrqbAaLM8DG79d+VgzHrZdgeobenGtNSF2WRz/3VDNBg==
+            wsgEMyD62+zqHWDQPqfLFh7b9+/Ir/sQai0qPKiU9uDCuIP/K0TLVQ==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6azlFM1JGZ0JDY3RZdkRS
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR2tvaUZLV09udXNiaHE3
-            dXdtZUE2QnJVK3dmc3VxbGtDTldlb0dmTVRvClA3Y0x0ZDY3WmtqTWp5b2VRRGdF
+            SG1HeTE4MUVEeTZlRmx2eWF2RzZ3ZHI2VmxBCisvTWNOcTB6eXRlSEZQQWpCOXFy
-            VmkyM2dLUXJyeDdNUVpIZlpvdVE3UEEKLS0tIGRuZzEzRkZtT0N4Vjd3TUgyQ29T
+            Tm1aalJGbVB6SHBnT200OElhZGtmQmMKLS0tIDU5aER4WEFsZDdFQU9hMkhPS3NW
-            Y000cS9ZblJZTkpRMzhNYnZRNVpmODgK9MpExCq5d5PN8HCJPa7WxViLL9pbWv3m
+            VW9xemJxL05FNzBiNXFLMlpwKzFjTE0KtEzpcVvZrzi40hl2zP9r6Ca4muPCVFbd
-            qGfW2iz4N4UH/3mq5zx67jNwtwOKd7B9L4yX+oGgsYewQnLFhr5Xng==
+            hAXOLUi05CkSHDzTt4lrR4BMK46P4rS3ZnpLOfsZO+2zMfGsIOetVw==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c0tmWGVBSlMwdkhLTC81
-            bFBIbWZML2JiVDhrcldVdU1McHl0Ui9nUkhNCm9Ob3hEbGRhTzBreG5hTmFOS1lZ
-            UE16QzJ4Rjl4NVVMZ0ZzWUxRWm9CM1EKLS0tIHY2QUVNY1Q1Q0dpVDB6K3RsUlpQ
-            N2VYRDNrUk5wd3JQRVZabUhlRTF2UHMKCjCaXJ394MfsOKSWCuRVa8EA2pcLu1TU
-            VaXATezktIU+ZrXOrpwRc9u9uac9V3PmxykpzjEvyo2BQ7Ji0wOeEw==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-09-11T17:22:16Z"
     mac: ENC[AES256_GCM,data:WbuN9UpP0OP69ta29VW2LlCFfyTWI3v8IiwUu3tLOxtY3gjdJLZTpaG2hBR985qjLYL3MT7eR7eWp4p99DAKupVBvA6tJl8/+N9+0W/dapcec+qv7u9wRHcFjP9wtggq66vUdGqH8IIHYuGlIhAvCbDouoXuLoFIcB2i2lYNB4Q=,iv:u+KsBgHxLgwSgFLYtY0F6HjCUbSCvNAatIIwrCGGyJg=,tag:bHO4vovTLPVK2vsQvliwzQ==,type:str]

modules/hosts/nixos/bigboy/default.nix

@@ -1,134 +1,44 @@
-# Edit this configuration file to define what should be installed on
+{ inputs, config, pkgs, username, ... }: {
-# your system.  Help is available in the configuration.nix(5) man page
+  imports = [ # Include the results of the hardware scan.
-# and in the NixOS manual (accessible by running ‘nixos-help’).
+    ./hardware-configuration.nix
+    ../../common/linux/flatpaks.nix
+    ../../common/linux/ripping.nix
+  ];
 
-{ config, pkgs, username, ... }:
+  system.stateVersion = "24.11"; # Did you read the comment?
 
-{
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ../../../system/common/linux/flatpaks.nix
-    ];
-
-  # Bootloader.
   boot.loader = {
-    grub = {
+    systemd-boot.enable = true;
-      device = "nodev";
-      enable = true;
-      useOSProber = true;
-      efiSupport = true;
-      # set $FS_UUID to the UUID of the EFI partition
-      extraEntries = ''
-        menuentry "Kubuntu" {
-          insmod part_gpt
-          insmod fat
-          insmod chain
-          search --no-floppy --fs-uuid --set=root B208-923B
-          chainloader /EFI/ubuntu/grubx64.efi
-        }
-      '';
-    };
     efi.canTouchEfiVariables = true;
   };
 
   environment.sessionVariables.NIXOS_OZONE_WL = "1";
 
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+    environment.systemPackages = with pkgs; [
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Set your time zone.
-  time.timeZone = "America/New_York";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "en_US.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "en_US.UTF-8";
-    LC_IDENTIFICATION = "en_US.UTF-8";
-    LC_MEASUREMENT = "en_US.UTF-8";
-    LC_MONETARY = "en_US.UTF-8";
-    LC_NAME = "en_US.UTF-8";
-    LC_NUMERIC = "en_US.UTF-8";
-    LC_PAPER = "en_US.UTF-8";
-    LC_TELEPHONE = "en_US.UTF-8";
-    LC_TIME = "en_US.UTF-8";
-  };
-
-  # Enable the X11 windowing system.
-  # You can disable this if you're only using the Wayland session.
-  services.xserver.enable = true;
-
-  # Enable the KDE Plasma Desktop Environment.
-  services.displayManager.sddm.enable = true;
-  services.displayManager.sddm.wayland.enable = true;
-  services.desktopManager.plasma6.enable = true;
-
-  # Configure keymap in X11
-  services.xserver = {
-    xkb.layout = "us";
-    xkb.variant = "";
-  };
-
-  # Enable sound with pipewire.
-  hardware.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
-  };
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.gene = {
-    isNormalUser = true;
-    description = "Gene Liverman";
-    extraGroups = [ "networkmanager" "wheel" "dialout" "input" ];
-    packages = with pkgs; [
-      kdePackages.kate
-    #  thunderbird
-    ];
-  };
-
-  # Install firefox.
-  programs.firefox.enable = true;
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
     angryipscanner
     displaylink
+    filezilla
     gitkraken
-    handbrake
+    kdePackages.ksshaskpass
     libreoffice
     meld
+    mumble
     networkmanager-openvpn
+    rclone
+    rclone-browser
     slack
     tilix
     vivaldi
+    vlc
+    xorg.xf86videofbdev
     xfce.xfce4-terminal
     zoom-us
   ];
 
+  hardware.pulseaudio.enable = false;
+  
+  networking.networkmanager.enable = true;
+
   programs = {
     _1password.enable = true;
     _1password-gui = {
@@ -138,6 +48,8 @@
       polkitPolicyOwners = [ "${username}" ];
     };
 
+    firefox.enable = true;
+
     ssh.askPassword = "ssh-askpass";
 
     # common programs that really should be in another file
@@ -145,9 +57,30 @@
     xfconf.enable = true;
   };
 
+  security.rtkit.enable = true;
+
   services = {
+    displayManager.sddm = {
+      enable = true;
+      wayland.enable = true;
+    };
+    desktopManager.plasma6.enable = true;
+    fstrim.enable = true;
     fwupd.enable = true;
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+    };
     printing.enable = true; # Enable CUPS
+    xserver = {
+      enable = true;
+      xkb = {
+        layout = "us";
+        variant = "";
+      };
+    };
   };
 
   sops = {
@@ -165,31 +98,14 @@
     };
   };
 
-  # Some programs need SUID wrappers, can be configured further or are
+  # Define a user account. Don't forget to set a password with ‘passwd’.
-  # started in user sessions.
+  users.users.${username} = {
-  # programs.mtr.enable = true;
+    isNormalUser = true;
-  # programs.gnupg.agent = {
+    description = "Gene Liverman";
-  #   enable = true;
+    extraGroups = [ "networkmanager" "wheel" "dialout" "input" ];
-  #   enableSSHSupport = true;
+    packages = with pkgs; [
-  # };
+      kdePackages.kate
-
+    #  thunderbird
-  # List services that you want to enable:
+    ];
-
+  };
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.05"; # Did you read the comment?
-
 }

modules/hosts/nixos/bigboy/hardware-configuration.nix

@@ -1,7 +1,7 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, ... }:
 
 {
   imports =
@@ -10,21 +10,23 @@
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
   boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-intel" ];
+  boot.kernelModules = [ "kvm-intel" "sg" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/79d48f97-18ba-4b98-afe6-8feb6a314c48";
+    { device = "/dev/disk/by-uuid/9c2d2979-dc8d-40e0-9ec2-c3cce33cd832";
       fsType = "ext4";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/B208-923B";
+    { device = "/dev/disk/by-uuid/59CB-16DE";
       fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      options = [ "fmask=0077" "dmask=0077" ];
     };
 
-  swapDevices = [ ];
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/878ff032-3de0-4efe-a12f-8eccd0ac3253"; }
+    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

modules/hosts/nixos/bigboy/secrets.yaml

@@ -1,22 +1,22 @@
-local_git_config: ENC[AES256_GCM,data:iBJM9cj6wPqxvYOt0Gu25nrPQeTtndyDZqCiGCTTpvJ/7U+lP7Y+PcI=,iv:Y1NOT86IOcgSPEfmvoc5eVuad3GFPLjnoPY+dCBQNUs=,tag:HvUxBkwEIMy1GWYGBWkDww==,type:str]
+local_git_config: ENC[AES256_GCM,data:RuHN3enQQLyZu8qHAjlbp/JnDKurqiAiBdrXLPzTFadhmA5m2UyXJ54=,iv:NCWfej/EEB8ylGii+YvdKFagC1rF5ExHIi0M2iDahck=,tag:LVH/Sb7WW/O7Lyg7KSn9mg==,type:str]
-local_private_env: ENC[AES256_GCM,data:W4Ecx1f5RKqy1hkzrflL0OdRofNr9dLy+SbuLdiL6tSvde9InwezcW1zt07s+jdv,iv:geapIEV4Um8L1vTqJFRxoRx8tePnL90YezA9J5oUuYA=,tag:PGVFjwbFdhPu4msyXkukMA==,type:str]
+local_private_env: ENC[AES256_GCM,data:anm21ivROLWg/D49SeJQ0+wpExtHvOQvTr70Kph4gr6WkAgdgz02ayXULq6bn0HT00YWhcNgkku/Qox5Bg==,iv:JlLqOETaVNBi7dYJN5JljH95UG5+KcvoK+rQGpxyH6E=,tag:BHSp90YJQAKcN5/bUwqG2A==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age196gl3k9aphy2mh5kgn50wkzn38m35cus8dqhtva6qcfmmxx3acgs6vx2dg
+        - recipient: age1hraf69phgqg9y48m2r2sn6tr2sw7tf2h5j62ysl8nrv3qs2ft9kst0ysxm
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQlZlUmdxVnBXa1lSNERW
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTExHTW1UdjlGb2pDQkcy
-            L1lCcFBVaEpKdi91djlNL0piSnZLUnhpYURVCkJFYXA1UGYwMDRZQm5IM2ZwdFB6
+            UzBoZU9HaW1ZaGZRZC9NcDFHODFlK1ZNL2pvClBUc24zVzdONkJMaStOVTRpcHVR
-            MnZxOGRMMlNseWlybmU4WXBoUHFnMFkKLS0tIFNLVUtQNFhHeWcvZFNCTUM2NnhO
+            Tkovc3M5QjNSUWxWc0JFSzhkWEJOR00KLS0tIHdIS255N09yRkRDdU9mOHc5amtW
-            L2p0MmhjQkZYQjkvUjJVaDBiRG5yYTQKH+vx+bCgmQ4QUxOc0DIQOR6qR9FEgiA6
+            S2tTaXBUWGJNb3VUbzNWNVlPZEpKQUkKDEVag5HE08uzNdEwfoTPJQdFpxgCDeFV
-            1AjemW35CFzN1N5VHlNZgAplgou8zNxQ8w+AvKuRJ79kDZBESLpltQ==
+            v8CBBzXtLzy5xdhiNlTovjFstomrew5TvcjsAeCBimgCiaxXJ77Xzg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-05-20T20:13:00Z"
+    lastmodified: "2024-12-31T04:37:09Z"
-    mac: ENC[AES256_GCM,data:DnIjvLCwQ7D3WW2NqF2YRCzCaq39lYtU1ACQ5+23ydFBsGKwhLxiohfJFXagcsZ966wq48PGQLEWU0VfDpK0wOlphwZasrS4ZfOrC+iEaykIpNIVus+xOCzd2AwSa8k1EM6r7gbs516iZciXLfNuBFrK1KHUZB1r4vkDZUJ3PdE=,iv:hP/7nInLumR/PELcLIxcccLwebcE6Bs4USoLxgFzYyM=,tag:nD5lbuRwEOYlC5L/GknHUA==,type:str]
+    mac: ENC[AES256_GCM,data:0IWoYmBxxghbjMkDUpQugK2SjOndMvV/CTQG1pgddSB4TOrOtZybmNAxvE4GW0eu3p7w5nuk9tuLQmFXeNaDaGNi2ugX63gFy/tynVF4Hsnam9iLo2Ys4Y+umWZ3WLYkTp76ncuIkzSHQL4T4LaG0F8fr0o2dwMKrnO8sAxw8V4=,iv:IzV1NKUqv5gxEqc4H1j4a1+IXOyZMUiVk1pWTRwYmV0=,tag:BjiHr8YCXY8MAkGGkZgZ0w==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.2