so many sops

hosts/nas/configuration.nix

@@ -3,15 +3,9 @@
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
 {
-  outputs,
-  config,
   pkgs,
   ...
 }:
-let
-  user = "admin";
-  passwordFile = config.sops.secrets."jallen-nas/admin_password".path;
-in
 {
   imports = [
     # Include the results of the hardware scan.
@@ -21,45 +15,15 @@ in
     ./apps.nix
     ./grafana.nix
     ./networking.nix
+    ./nixpkgs.nix
     ./ups.nix
+    ./users.nix
     ./samba.nix
     ./services.nix
     ./sops.nix
     ../default.nix
   ];
 
-  nix.settings.experimental-features = [
-    "nix-command"
-    "flakes"
-  ];
-
-  # enable cuda support
-  nixpkgs.config.cudaSupport = true;
-  nixpkgs.config.allowUnfreePredicate =
-    p:
-    builtins.all (
-      license:
-      license.free
-      || builtins.elem license.shortName [
-        "CUDA EULA"
-        "cuDNN EULA"
-        "cuTENSOR EULA"
-        "NVidia OptiX EULA"
-      ]
-    ) (if builtins.isList p.meta.license then p.meta.license else [ p.meta.license ]);
-
-  # Cockpit
-  services.cockpit = {
-    enable = false;
-    port = 9090;
-    settings = {
-      WebService = {
-        AllowUnencrypted = true;
-      };
-    };
-  };
-
-  nix.settings.trusted-users = [ "@wheel" ];
   powerManagement.cpuFreqGovernor = "powersave";
 
   share.hardware.nvidia = {
@@ -86,14 +50,9 @@ in
       hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
     '';
 
-    etc.machine-id.source = ./machine-id;
-
-    # List packages installed in system profile. To search, run:
-    # $ nix search wget
-
-    sessionVariables = {
-      CACHIX_AGENT_TOKEN = "eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJkYmNkZWNjYi04ZTI4LTQwOTAtYWIxOC02MTU5OTYwZTgxMTAiLCJzY29wZXMiOiJjYWNoZSJ9.G-9wCfKc3d8ld_zDJNjTxNWlkS3_yojI-6gaRpUT-i0";
-    };
+    etc.machine-id.text = ''
+      57cdf5fc27f3469f80d0a339f1238aeb
+    '';
 
     systemPackages = with pkgs; [
       authentik
@@ -158,115 +117,6 @@ in
     };
   };
 
-  # Configure nixpkgs
-  nixpkgs = {
-    overlays = [
-      outputs.overlays.nixpkgs-unstable
-      outputs.overlays.nixpkgs-stable
-    ];
-
-    config = {
-      # Enable non free
-      allowUnfree = true;
-
-      permittedInsecurePackages = [
-        # ...
-        "authentik-2024.6.4" # todo: remove these
-        "python3.12-authentik-django-2024.6.4"
-        "authentik-webui-2024.6.4"
-        "authentik-client-api-2024.6.4"
-        "authentik-website-2024.6.4"
-        "authentik-proxy-2024.6.4"
-        "aspnetcore-runtime-6.0.36"
-        "aspnetcore-runtime-wrapped-6.0.36"
-        "dotnet-sdk-6.0.428"
-        "dotnet-sdk-wrapped-6.0.428"
-      ];
-    };
-  };
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users = {
-    # See https://search.nixos.org/options?channel=unstable&show=users.mutableUsers&from=0&size=50&sort=relevance&type=packages&query=users.users
-    mutableUsers = false;
-    groups.jallen-nas.gid = 1000; # create nas group cause truenas perms
-
-    # Admin account
-    users."${user}" = {
-      isNormalUser = true;
-      linger = true;
-      extraGroups = [
-        "wheel"
-        "networkmanager"
-        "docker"
-        "podman"
-        "libvirtd"
-        "nix-apps"
-        "jallen-nas"
-        "media"
-        "nscd"
-      ]; # Enable ‘sudo’ for the user.
-      hashedPasswordFile = passwordFile;
-      shell = pkgs.zsh;
-      openssh.authorizedKeys.keys = [
-        # macBook
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
-        # desktop windows
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
-        # desktop nixos
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
-      ];
-      packages = with pkgs; [
-        cachix
-        fastfetch
-        git
-        parted
-        aspell
-        aspellDicts.en
-        aspellDicts.en-computers
-        aspellDicts.en-science
-        aha
-        papirus-icon-theme
-        firefox
-        swtpm
-        tigervnc
-      ];
-    };
-
-    # Nix app account
-    users.nix-apps = {
-      isSystemUser = true;
-      uid = 911;
-      group = "jallen-nas";
-      extraGroups = [
-        "jallen-nas"
-        "docker"
-        "podman"
-      ]; # Enable ‘sudo’ for the user.
-      hashedPasswordFile = passwordFile;
-    };
-
-    groups.nut.name = "nut";
-    users.upsuser = {
-      group = "nut";
-      isNormalUser = false;
-      isSystemUser = true;
-      createHome = true;
-      home = "/var/lib/nut";
-      homeMode = "750";
-      hashedPasswordFile = passwordFile;
-    };
-
-    users.nextcloud = {
-      isNormalUser = true;
-      extraGroups = [
-        "jallen-nas"
-        "nix-apps"
-      ];
-      hashedPasswordFile = passwordFile;
-    };
-  };
-
   hardware.fancontrol = {
     enable = false;
     config = ''
@@ -306,8 +156,5 @@ in
     };
 
     libvirtd.enable = true;
-
-    # tpm.enable = true;
-    # useSecureBoot = true;
   };
 }