add options to allow backing up to specific machine

2024-12-12 22:24:39 +01:00
16 changed files with 74 additions and 545 deletions
--- a/backup-target.nix
+++ b/backup-target.nix
@@ -5,23 +5,11 @@
  users.users.backup = {
    isNormalUser = true;
    openssh.authorizedKeys.keys = [
-    ''command="${pkgs.rrsync}/bin/rrsync /mnt/backup",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD''
+    ''command="${pkgs.rrsync}/bin/rrsync /mnt/backup/",restrict sh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD Ithuriel@openmediavault''
    #''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1e7hxxQD7pVKMquEuiBrLNFfx9ZRAOU1SGky4iXacD Ithuriel@openmediavault''
    ];
    packages = [
      pkgs.rsync
      pkgs.rrsync
    ];
  };
  fileSystems."/mnt/backup" =
    { 
      #depends = [ "/" ];
      device = "BACKUP/backup";
      fsType = "zfs";
      options = [ "nofail" ];
    };
  networking.firewall.allowedTCPPorts = [ 22 ]; 
 }
--- a/configuration.nix
+++ b/configuration.nix
@@ -11,7 +11,7 @@
  # Use the systemd-boot EFI boot loader.
  # changed to grub following the (ZFS tutorial)[https://nixos.wiki/wiki/ZFS]
-  boot.loader.grub = lib.mkDefault {
+  boot.loader.grub = {
    enable = true;
    zfsSupport = true;
    efiSupport = true;
@@ -21,6 +21,26 @@
  };
  # leftover from the original config
  boot.loader.efi.canTouchEfiVariables = true;
  # mount network shares
  fileSystems."/mnt/nas/private" = {
    device = "dashboard.omv:/ShatteredMINT";
    fsType = "nfs";
    options = [ "x-systemd.automount" "noauto" ];
  };
  fileSystems."/mnt/nas/shared" = {
    device = "dashboard.omv:/default-nas";
    fsType = "nfs";
    options = [ "x-systemd.automount" "noauto" ];
  };
  networking.hostName = "nix-desk"; # Define your hostname.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  # required for ZFS
  networking.hostId = "00000001";
  # Set your time zone.
  time.timeZone = "Europe/Berlin";
@@ -48,12 +68,11 @@
  fonts = {
    packages = with pkgs; [
-      # nerdfonts
+      nerdfonts
      # TODO after 25.05
      # change to only install explicit fonts
-      nerd-fonts.jetbrains-mono
+      # nerd-fonts.jetbrains-mono
      # does not exist
      # nerd-fonts.jetbrains
    ];
@@ -75,6 +94,9 @@
  # Enable touchpad support (enabled default in most desktopManager).
  # services.libinput.enable = true;
  # enable flatpak
  services.flatpak.enable = true;
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
@@ -83,6 +105,10 @@
    htop
    ];
  # allow specific users to affect system configuration
  users.groups.nixos-admins = {};
  users.users.root.extraGroups = [ "nixos-admins" ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
@@ -94,18 +120,7 @@
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
-  services.openssh = {
+  # services.openssh.enable = true;
    enable = true;
    ports = [ 22 ];
    settings = {
      PasswordAuthentication = true;
      KbdInteractiveAuthentication = false;
      # AllowUsers = [ "backup" ];
      # UseDns = true;
      X11Forwarding = false;
      PermitRootLogin = "no";
    };
  };
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
@@ -132,6 +147,5 @@
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.11"; # Did you read the comment?
  nix.settings.trusted-users = [ "shatteredmint" ];
 }
--- a/devices/conv.nix
+++ b/devices/conv.nix
@@ -1,70 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd sg" ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "NIX_CONV_POOL/root";
      fsType = "zfs";
    };
  fileSystems."/nix" =
    { device = "NIX_CONV_POOL/nix";
      fsType = "zfs";
    };
  fileSystems."/var" =
    { device = "NIX_CONV_POOL/var";
      fsType = "zfs";
    };
  fileSystems."/home" =
    { device = "NIX_CONV_POOL/home";
      fsType = "zfs";
    };
  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/334B-15CD";
      fsType = "vfat";
      options = [ "fmask=0022" "dmask=0022" ];
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/b3e53298-fdcf-41c5-b80b-6f1ef1dceeae"; }
    ];
  networking.hostName = "nix-conv"; # Define your hostname.
  networking.hostId = "00000002";
  # Pick only one of the below networking options.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  # BLUETOOTH
  hardware.bluetooth = {
    enable = true;
    powerOnBoot = true;
    settings.General.Experimental = true;
  };
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp4s0f3u1u4u1.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/devices/nas.nix
+++ b/devices/nas.nix
@@ -1,83 +0,0 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];
  boot.initrd.availableKernelModules = [ "nvme" ];
  boot.initrd.kernelModules = [ "dm-snapshot" ];
  boot.kernelModules = [ ];    
  boot.extraModulePackages = [ ];
  security.sudo.wheelNeedsPassword = false;
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
      fsType = "ext4";
    };
  fileSystems."/srv/docker" =
   { device = "/dev/mapper/base--storage-Docker";
     fsType = "ext4";
   };
  fileSystems."/srv/private" =
   { device = "/dev/mapper/base--storage-ShatteredMINT";
     fsType = "ext4";
   };
  fileSystems."/srv/shared" =
   { device = "/dev/mapper/base--storage-NAS";
     fsType = "ext4";
   };
  #fileSystems."/export/ShatteredMINT" =
  #  { device = "/srv/dev-disk-by-uuid-18333f38-626c-4c22-af29-314a87282809";
  #    fsType = "none";
  #    options = [ "bind" ];
  #  };
  #fileSystems."/export/default-nas" =
  #  { device = "/srv/dev-disk-by-uuid-98570615-8eda-4a45-8a20-3c58b50e3d79/default-nas";
  #    fsType = "none";
  #    options = [ "bind" ];
  #  };
  #fileSystems."/var/lib/docker/overlay2/52c3dbf89d5578b1cde892c0ccdad10293c8275870a047aff42b9ba2eb786d02/merged" =
  #  { device = "overlay";
  #    fsType = "overlay";
  #  };
  #fileSystems."/var/lib/docker/overlay2/f7163e8dd1916ab72fb37368f3799d89f07a203cd316448a7f107d8b2249bb7a/merged" =
  #  { device = "overlay";
  #    fsType = "overlay";
  #  };
  #fileSystems."/var/lib/docker/overlay2/9ff1324d7039ab0ea28895230b35432382bbf23d32c24e992525711b6f7c0bd8/merged" =
  #  { device = "overlay";
  #    fsType = "overlay";
  #  };
  swapDevices = [ ];
  networking.hostName = "nix-nas"; # Define your hostname.
  networking.hostId = "00000003";
  # Pick only one of the below networking options.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
  services.cron = {
   enable = true;
   systemCronJobs = [
     "* 20 * * *     root rsync -Pav -e 'ssh -i /root/.ssh/backup' /srv backup@192.168.178.24:/ 1>> /root/backup.log 2>> /root/backup.err"
   ];
  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -1,25 +1,5 @@
 {
  "nodes": {
    "friendlyelecCM3588": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1771227633,
        "narHash": "sha256-uUZMqpQ+Hv4CzwWSZeLpdPEth0W2+d0MlnZb073XjwY=",
        "owner": "YayaADev",
        "repo": "nixos-friendlyelec-cm3588",
        "rev": "687a43f7a8961d7929e82494cfeb55c031638192",
        "type": "github"
      },
      "original": {
        "owner": "YayaADev",
        "repo": "nixos-friendlyelec-cm3588",
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@@ -27,55 +7,39 @@
        ]
      },
      "locked": {
-        "lastModified": 1772845525,
+        "lastModified": 1733572789,
-        "narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=",
+        "narHash": "sha256-zjO6m5BqxXIyjrnUziAzk4+T4VleqjstNudSqWcpsHI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0",
+        "rev": "c7ffc9727d115e433fd884a62dc164b587ff651d",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "ref": "release-24.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "nix-flatpak": {
      "locked": {
        "lastModified": 1768656715,
        "narHash": "sha256-Sbh037scxKFm7xL0ahgSCw+X2/5ZKeOwI2clqrYr9j4=",
        "owner": "gmodena",
        "repo": "nix-flatpak",
        "rev": "123fe29340a5b8671367055b75a6e7c320d6f89a",
        "type": "github"
      },
      "original": {
        "owner": "gmodena",
        "repo": "nix-flatpak",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1772773019,
+        "lastModified": 1733808091,
-        "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
+        "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=",
        "owner": "NixOs",
        "repo": "nixpkgs",
-        "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
+        "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e",
        "type": "github"
      },
      "original": {
        "owner": "NixOs",
-        "ref": "nixos-unstable",
+        "ref": "nixos-24.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "friendlyelecCM3588": "friendlyelecCM3588",
        "home-manager": "home-manager",
        "nix-flatpak": "nix-flatpak",
        "nixpkgs": "nixpkgs"
      }
    }
--- a/flake.nix
+++ b/flake.nix
@@ -2,18 +2,13 @@
  description = "Flake to handle all my infrastructure";
  inputs = {
-    nixpkgs.url = "github:NixOs/nixpkgs/nixos-unstable";
+    nixpkgs.url = "github:NixOs/nixpkgs/nixos-24.11";
    home-manager = {
-      url = "github:nix-community/home-manager";
+      url = "github:nix-community/home-manager/release-24.11";
      # follow defined nixpkgs to prevent version mismatch
      inputs.nixpkgs.follows = "nixpkgs";
    };
    friendlyelecCM3588 = {
      url = "github:YayaADev/nixos-friendlyelec-cm3588";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    nix-flatpak.url = "github:gmodena/nix-flatpak";
  };
  outputs = {self, nixpkgs, home-manager, ... }@inputs: 
@@ -25,50 +20,13 @@
        system = "x86_64-linux";
 	specialArgs = inputs;
 	modules = [
-          ./devices/desk.nix
+      ./hardware/desk.nix
 	      ./hardware/nvidia.nix
          ./hardware/scanner.nix
 	  ./configuration.nix 
 	  ./nvidia.nix
 	  ./plasma.nix
          ./software/default-graphical.nix
          ./network-shares.nix
          ./backup-target.nix
 	  ./users/shatteredmint.nix
          # ./qemu-bridges.nix
 	];
      };
      nix-conv = lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = inputs;
        modules = [
          ./devices/conv.nix
          ./configuration.nix
          ./plasma.nix
          ./software/default-graphical.nix
          ./users/shatteredmint.nix
          ./network-shares.nix
        ];
      };
      nix-nas = lib.nixosSystem {
        system = "aarch64-linux";
        specialArgs = inputs;
        modules = [
          inputs.friendlyelecCM3588.nixosModules.cm3588  # board + kernel support
          ./devices/nas.nix
          ./configuration.nix
          ./users/shatteredmint.nix
          ./software/samba.nix
          ./software/docker.nix
 	];
      };
    };
--- a/hardware/desk.nix
+++ b/hardware/desk.nix
@@ -11,9 +11,8 @@
  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" "sg" ];
+  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
  fileSystems."/" =
    { device = "NIX_DESK_POOL/root";
@@ -49,14 +48,9 @@
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  # networking.useDHCP = lib.mkDefault true;
+  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  networking.hostName = "nix-desk"; # Define your hostname.
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  # required for ZFS
  networking.hostId = "00000001";
 }
--- a/hardware/scanner.nix
+++ b/hardware/scanner.nix
@@ -1,24 +0,0 @@
 { config, lib, pkgs, ... }:
 {
    hardware.sane = {
        enable = true;
        openFirewall = true;
        extraBackends = [
            pkgs.epsonscan2
            pkgs.epkowa
        ];
    };
    services.avahi = {
      enable = true;
      nssmdns4 = true;
      publish.enable = true;
      publish.addresses = true;
      publish.userServices = true;
    };
    # pkgs.epsonscan2.override = {
    #     withNonFreePlugins = true;
    #     withGUI = false;
    # };
 }
--- a/network-shares.nix
+++ b/network-shares.nix
@@ -1,37 +0,0 @@
 { config, lib, pkgs, ... }:
 { 
  environment.systemPackages = [ pkgs.cifs-utils ];
  fileSystems."/mnt/share/private" = {
    device = "//192.168.178.108/shatteredmint";
    fsType = "cifs";
    options = let
      # this line prevents hanging on network split
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
    in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=${toString config.users.users.shatteredmint.uid},gid=${toString config.users.groups.users.gid}"];
  };
  fileSystems."/mnt/share/shared" = {
    device = "//192.168.178.108/shared";
    fsType = "cifs";
    options = let
      # this line prevents hanging on network split
      automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
    in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=${toString config.users.users.shatteredmint.uid},gid=${toString config.users.groups.users.gid}"];
  };
  # # mount network shares
  # fileSystems."/mnt/nas/private" = {
  #   device = "dashboard.omv:/ShatteredMINT";
  #   fsType = "nfs";
  #   options = [ "x-systemd.automount" "noauto" ];
  #
  # };
  # fileSystems."/mnt/nas/shared" = {
  #   device = "dashboard.omv:/default-nas";
  #   fsType = "nfs";
  #   options = [ "x-systemd.automount" "noauto" ];
  #
  # };
 }
--- a/hardware/nvidia.nix
+++ b/hardware/nvidia.nix
@@ -19,6 +19,6 @@
    nvidiaSettings = true;
    # set specific version
-    package = config.boot.kernelPackages.nvidiaPackages.latest;
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
  };
 }
--- a/plasma.nix
+++ b/plasma.nix
@@ -13,53 +13,10 @@
  ];
  # Enable sound.
  services.pipewire = {
    enable = true;
    pulse.enable = true;
  };
  system.fsPackages = [ pkgs.bindfs ];
  fileSystems = let
    mkRoSymBind = path: {
      device = path;
      fsType = "fuse.bindfs";
      options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
    };
    fontsPkgs = config.fonts.packages;
    x11Fonts = pkgs.runCommand "X11-fonts"
      {
        preferLocalBuild = true;
        nativeBuildInputs = with pkgs; [
          gzip
          mkfontscale
          mkfontdir
        ];
      }
      (''
        mkdir -p "$out/share/fonts"
        font_regexp='.*\.\(ttf\|ttc\|otb\|otf\|pcf\|pfa\|pfb\|bdf\)\(\.gz\)?'
      ''
      + (builtins.concatStringsSep "\n" (builtins.map (pkg: ''
          find ${toString pkg} -regex "$font_regexp" \
            -exec ln -sf -t "$out/share/fonts" '{}' \;
        '') fontsPkgs
        ))
      + ''
        cd "$out/share/fonts"
        mkfontscale
        mkfontdir
        cat $(find ${pkgs.font-alias}/ -name fonts.alias) >fonts.alias
      '');
    aggregatedIcons = pkgs.buildEnv {
      name = "system-icons";
      paths = fontsPkgs;
      pathsToLink = [
        "/share/icons"
      ];
    };
  in {
    "/usr/share/icons" = mkRoSymBind (aggregatedIcons + "/share/icons");
    "/usr/share/fonts" = mkRoSymBind (x11Fonts + "/share/fonts");
  };
 }
--- a/qemu-bridges.nix
+++ b/qemu-bridges.nix
@@ -1,18 +0,0 @@
 { config, libs, pkgs, ... }:
 {
    networking.bridges.virtbr0.interfaces = [
        "enp4s0"
    ];
    boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
    networking.interfaces.virtbr0 = {
        useDHCP = true;
    };
    virtualisation.libvirtd = { 
        enable = true;
        allowedBridges = [ "virtbr0" ];
    };
 }
--- a/software/default-graphical.nix
+++ b/software/default-graphical.nix
@@ -1,53 +0,0 @@
 { config, lib, pkgs, home-manager, ... }@inputs:
 {
  imports = [home-manager.nixosModules.home-manager];
  home-manager.users.shatteredmint = {
    home.packages = with pkgs; [
      thunderbird
      firefox
      lazygit
      veracrypt
      keepassxc
      kdePackages.yakuake
      cargo
      zig
      clang
      nil
      wl-clipboard
      makemkv
    ];
  };
  # enable flatpak
  services.flatpak.enable = true;
  home-manager.users.shatteredmint.imports = [
    inputs.nix-flatpak.homeManagerModules.nix-flatpak 
    {
        services.flatpak = {
          update.onActivation = true;
          packages = [
            "com.atlauncher.ATLauncher"
            "com.discordapp.Discord"
            "com.github.k4zmu2a.spacecadetpinball"
            "com.heroicgameslauncher.hgl"
            "com.obsproject.Studio"
            "com.revolutionarygamesstudio.ThriveLauncher"
            "com.spotify.Client"
            # "com.teamspeak.TeamSpeak"
            # "com.teamspeak.TeamSpeak3"
            "com.usebottles.bottles"
            "com.valvesoftware.Steam"
            # "md.obsidian.Obsidian"
            "org.kde.neochat"
            "org.kicad.KiCad"
            "org.libreoffice.LibreOffice"
            # "org.pipewire.Helvum"
            # "org.rncbc.qpwgraph"
            "org.telegram.desktop"
          ];
        };
    }
  ];
 }
--- a/software/docker.nix
+++ b/software/docker.nix
@@ -1,8 +0,0 @@
 {config, pkgs, ...}@input: {
    virtualisation.docker = {
        enable = true;
        daemon.settings = {
            data-root = "/srv/docker";
        };
    };
 }
--- a/software/samba.nix
+++ b/software/samba.nix
@@ -1,49 +0,0 @@
 {config, pkgs, ...} : {
  services = {
    samba = {
      enable = true;
      package = pkgs.samba4Full;
      openFirewall = true;
      settings = {
        global = {
          "server smb encrypt" = "required";
          "server min protocol" = "SMB3_00";
          "workgroup" = "WORKGROUP";
          "security" = "user";
          "browseable" = "yes";
        };
        # "private-shatteredmint" = {
        #   "path" = "/srv/shatteredmint";
        #   "writable" = "yes";
        #   "comment" = "private share for shatteredmint";
        #   "browseable" = "yes";
        # };
        "homes" = {
          "path" = "/srv/private/%S";
          "valid users" = "%S";
          "writable" = "yes";
          "comment" = "homes share";
          "browseable" = "no";
          "create mask" = "0700";
          "directory mask" = "0700";
        };
        "shared" = {
          "path" = "/srv/shared";
          "writable" = "yes";
          "comment" = "homes share";
          "browseable" = "yes";
          "create mask" = "0700";
          "directory mask" = "0700";
          "force user" = "shatteredmint";
        };
      };
    };
    samba-wsdd = {
      enable = true;
      openFirewall = true;
    };
  };
 }
--- a/users/shatteredmint.nix
+++ b/users/shatteredmint.nix
@@ -6,36 +6,31 @@
  users.users.shatteredmint = {
    isNormalUser = true;
-    extraGroups = [ "wheel" "nixos-admins" "cdrom" "scanner" "lp" "docker" ];
+    extraGroups = [ "wheel" "nixos-admins" ];
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT9u43WNMlu3gnu5z9Twt1vkdNdpf6REfEK/OT4qxjK shatteredmint"
    ];
    uid = 1000;
  };
-  home-manager.users.shatteredmint = {config, ...}: {
+  home-manager.users.shatteredmint = {
    home.stateVersion = "24.11";
    home.username = "shatteredmint";
    home.homeDirectory = "/home/shatteredmint";
    programs.zsh = {
      dotDir = "${config.xdg.configHome}/zsh";
      enable = true;
      autosuggestion = {
        enable = true;
 	highlight = "fg=white,bg=green,bold";
      };
      defaultKeymap = "viins";
      dotDir = ".config/zsh";
      history = {
        ignoreAllDups = true;
      };
-      initContent = ''
+      initExtra = ''
        bindkey '^?' backward-delete-char
        bindkey '\e[3~' delete-char
        autoload -Uz vcs_info
@@ -49,27 +44,28 @@
    programs.git = {
      enable = true;
-      settings = {
+      userEmail = "shatteredmint@gmail.com";
-        user = {
+      userName = "ShatteredMINT";
-          email = "shatteredmint@gmail.com";
+      extraConfig = {
          name = "ShatteredMINT";
        };
        init.defaultBranch = "main";
        pull.rebase = true;
      };
    };
-    programs.neovim = {
+    home.packages = with pkgs; [
-      enable = true;
+      thunderbird
-      extraPackages = with pkgs; [
+      firefox
-        wl-clipboard
+      lazygit
      veracrypt
      keepassxc
      yakuake
      cargo
      zig
      clang
      nil
    ];
    };
    home.sessionPath = [
      "$HOME/scripts"
    ];
  };
 }