From b41c85b161fadd89840ece0909b3ea79aa49f97e Mon Sep 17 00:00:00 2001 From: Jet Date: Mon, 23 Mar 2026 16:10:33 -0700 Subject: [PATCH 1/3] feat: add jet as a trusted user --- configuration.nix | 13 +++++++++++++ flake.nix | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/configuration.nix b/configuration.nix index 0565de2..4599985 100644 --- a/configuration.nix +++ b/configuration.nix @@ -67,6 +67,14 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu" ]; + users.users.jet = { + isNormalUser = true; + extraGroups = [ "wheel" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE40ISu3ydCqfdpb26JYD5cIN0Fu0id/FDS+xjB5zpqu" + ]; + }; + # SSH - Secure it services.openssh = { enable = true; @@ -120,8 +128,13 @@ "nix-command" "flakes" ]; + nix.settings.trusted-users = [ + "root" + "jet" + ]; nix.settings.max-jobs = "auto"; nix.settings.cores = 0; + security.sudo.wheelNeedsPassword = false; services.postgresql.package = pkgs.postgresql_15; nixpkgs.config.allowUnfree = true; # Allow unfree packages (Minecraft, etc.) diff --git a/flake.nix b/flake.nix index f2f7ca1..f227be9 100644 --- a/flake.nix +++ b/flake.nix @@ -51,7 +51,7 @@ let pkgs = nixpkgs.legacyPackages.x86_64-linux; deploy = pkgs.writeShellScriptBin "nhs" '' - nh os switch --hostname extremist-software --target-host root@extremist-software path:. "$@" + nh os switch --hostname extremist-software --target-host jet@extremist-software path:. "$@" ''; check-secrets = pkgs.writeShellScriptBin "check-secrets" '' set -euo pipefail From f569039eec370df3408c32dde0e64601cc86b9bd Mon Sep 17 00:00:00 2001 From: Jet Date: Mon, 23 Mar 2026 22:23:12 -0700 Subject: [PATCH 2/3] update: noisebell relay configuration --- flake.lock | 8 ++++---- modules/noisebell.nix | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 45a2139..38a0117 100644 --- a/flake.lock +++ b/flake.lock @@ -422,11 +422,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1774306596, - "narHash": "sha256-6K/06QYWQsUmNqHwGPPf7/NjtEGNhnSL1IPXdPM+uOg=", + "lastModified": 1774329509, + "narHash": "sha256-KVuSr9WLyLiFERomJYVxIFLUPBH3FRrwpGkhKIyXOns=", "ref": "refs/heads/main", - "rev": "50468db20b3c1606c6fb1d3d027c309a09bc469d", - "revCount": 52, + "rev": "3a0d464234b2df01be85da317b2dbbf54e6f4344", + "revCount": 53, "type": "git", "url": "https://git.extremist.software/jet/noisebell" }, diff --git a/modules/noisebell.nix b/modules/noisebell.nix index d288078..83574e2 100644 --- a/modules/noisebell.nix +++ b/modules/noisebell.nix @@ -11,6 +11,10 @@ url = "http://127.0.0.1:3004/webhook"; secretFile = config.age.secrets.noisebell-discord-webhook-secret.path; } + { + url = "http://noisebell-pi:8090/webhook"; + secretFile = config.age.secrets.noisebell-relay-webhook-secret.path; + } ]; }; From 02811f2d4df99d7b5ec3e9958fbf3fa35fe2f7d2 Mon Sep 17 00:00:00 2001 From: Jet Date: Tue, 24 Mar 2026 14:21:23 -0700 Subject: [PATCH 3/3] update: noisebell update --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 38a0117..6afede4 100644 --- a/flake.lock +++ b/flake.lock @@ -422,11 +422,11 @@ "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1774329509, - "narHash": "sha256-KVuSr9WLyLiFERomJYVxIFLUPBH3FRrwpGkhKIyXOns=", + "lastModified": 1774387217, + "narHash": "sha256-bhMs1DdFqFoeXwWOLx+1MU0ltGIYPf7OA33cvzFI9C0=", "ref": "refs/heads/main", - "rev": "3a0d464234b2df01be85da317b2dbbf54e6f4344", - "revCount": 53, + "rev": "adb929227b9640285754b6a04774ab0587e5771b", + "revCount": 60, "type": "git", "url": "https://git.extremist.software/jet/noisebell" },