From f9970ce3af6c3bc8fcc9fc7e2b364fbd23d74eca Mon Sep 17 00:00:00 2001
From: uttarayan21
Date: Thu, 27 Nov 2025 17:37:02 +0530
Subject: [PATCH] fix: use device.user for trusted users and primary user across configurations
The changes update the configuration to use a `device.user` variable instead of hardcoded usernames like "fs0c131y" and "servius". This makes the configurations more flexible and reusable across different devices. The changes affect nixos configurations for mirai, ryu, and tako, as well as the darwin configuration for kuro, and the deploy.nix file. The key changes include:
- Replacing hardcoded usernames with `device.user` in trusted-users lists
- Updating system.primaryUser to use `device.user`
- Modifying user definitions to use the device.user variable
- Adjusting deploy configuration to use "servius" as sshUser for tako
- Commenting out some service modules in tako's services/default.nix
---
 darwin/kuro/configuration.nix | 5 +++--
 deploy.nix | 2 +-
 nixos/mirai/configuration.nix | 4 ++--
 nixos/ryu/configuration.nix | 3 ++-
 nixos/tako/configuration.nix | 2 +-
 nixos/tako/services/default.nix | 6 +++---
 nixos/tako/services/openssh.nix | 4 ++--
 7 files changed, 14 insertions(+), 12 deletions(-)
diff --git a/darwin/kuro/configuration.nix b/darwin/kuro/configuration.nix
index c49fb60b..2b2c8ee4 100644
--- a/darwin/kuro/configuration.nix
+++ b/darwin/kuro/configuration.nix
@@ -1,6 +1,7 @@
 {
 config,
 pkgs,
+ device,
 ...
 }: {
 imports = [./services ./homebrew.nix ./programs];
@@ -12,7 +13,7 @@
 # ids.gids.nixbld = 30000;
 experimental-features = "nix-command flakes auto-allocate-uids";
 max-jobs = 8;
- trusted-users = ["root" "fs0c131y"];
+ trusted-users = ["root" device.user];
 substituters = [
 "https://nix-community.cachix.org"
 # "https://sh.darksailor.dev"
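Review bot: `trusted-users = ["root" device.user];` in the second kuro hunk now hands Nix daemon trust to whatever `device.user` evaluates to, and nothing in the hunk says where that value comes from or what it is expected to be. A trusted user can override substituters and import unsigned store paths, which is effectively root on the host, so the line deserves a comment such as `# device.user is root-equivalent for the nix daemon; keep it the single admin account`. The same applies to the `trusted-users` hunks in nixos/mirai, nixos/ryu and nixos/tako, and to `system.primaryUser` here. Only kuro's hunk adds `device` to the module arguments; presumably the other three files already declare it, which is worth confirming since their headers are outside the diff. The enclosing settings attribute set starts and ends outside the hunk.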
@@ -58,7 +59,7 @@
 # services.nix-daemon.enable = true;
 system.stateVersion = 5;
- system.primaryUser = "fs0c131y";
+ system.primaryUser = device.user;
 system.keyboard.enableKeyMapping = true;
 system.keyboard.remapCapsLockToControl = true;
diff --git a/deploy.nix b/deploy.nix
index 3fdd0357..a37b7ccf 100644
--- a/deploy.nix
+++ b/deploy.nix
@@ -31,7 +31,7 @@
 tako = {
 hostname = "tako.darksailor.dev";
 profiles.system = {
- sshUser = "root";
+ sshUser = "servius";
 path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.tako;
 user = "root";
 };
diff --git a/nixos/mirai/configuration.nix b/nixos/mirai/configuration.nix
index 5147215c..91efd983 100644
--- a/nixos/mirai/configuration.nix
+++ b/nixos/mirai/configuration.nix
@@ -42,7 +42,7 @@
 cores = 8;
 auto-optimise-store = true;
 extra-experimental-features = "nix-command flakes auto-allocate-uids";
- trusted-users = ["root" "fs0c131y" "remotebuilder"];
+ trusted-users = ["root" device.user "remotebuilder"];
 trusted-substituters = [
 "https://nix-community.cachix.org"
 "https://nixos-raspberrypi.cachix.org"
@@ -69,7 +69,7 @@
 distributedBuilds = true;
 };
- users.users.fs0c131y = {
+ users.users.${device.user} = {
 isNormalUser = true;
 extraGroups = ["wheel" "docker" "media"];
 openssh.authorizedKeys.keyFiles = [
diff --git a/nixos/ryu/configuration.nix b/nixos/ryu/configuration.nix
index 8f563d26..18f49821 100644
--- a/nixos/ryu/configuration.nix
+++ b/nixos/ryu/configuration.nix
@@ -43,7 +43,7 @@
 cores = 24;
 auto-optimise-store = true;
 extra-experimental-features = "nix-command flakes auto-allocate-uids";
- trusted-users = ["root" "servius"];
+ trusted-users = ["root" device.user];
 trusted-substituters = [
 "https://nix-community.cachix.org"
 "https://nixos-raspberrypi.cachix.org"
@@ -70,6 +70,7 @@
 package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
 buildMachines = [
 ../../builders/tako.nix
+ ../../builders/mirai.nix
 ../../builders/shiro.nix
 # ../../builders/tsuba.nix
 ];
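Review bot: `sshUser = "servius";` in the deploy.nix hunk is a fresh string literal in a commit whose stated aim is to stop hardcoding usernames, and it has to stay in step with tako's `device.user`, which now decides who is in `trusted-users` on that host. With `user = "root";` kept, deploy-rs must elevate from servius to root through sudo, and the closure copy is normally accepted only when the SSH account is a trusted Nix user or the paths are signed. Neither the sudo rule nor tako's `device.user` value is visible in this diff, so both should be confirmed before merging. If the device definitions are reachable from deploy.nix, derive the name from them, and prefer `interactiveSudo = true;` on the profile over a blanket NOPASSWD rule for an account that is also a trusted Nix user. The tako node definition begins and ends outside the hunk.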
diff --git a/nixos/tako/configuration.nix b/nixos/tako/configuration.nix
index a570b49f..0d66bfd8 100644
--- a/nixos/tako/configuration.nix
+++ b/nixos/tako/configuration.nix
@@ -42,7 +42,7 @@
 cores = 8;
 auto-optimise-store = true;
 extra-experimental-features = "nix-command flakes auto-allocate-uids";
- trusted-users = ["root" "fs0c131y" "remotebuilder"];
+ trusted-users = ["root" device.user "remotebuilder"];
 trusted-substituters = [
 "https://nix-community.cachix.org"
 "https://nixos-raspberrypi.cachix.org"
diff --git a/nixos/tako/services/default.nix b/nixos/tako/services/default.nix
index 16cd46d7..20154df3 100644
--- a/nixos/tako/services/default.nix
+++ b/nixos/tako/services/default.nix
@@ -1,6 +1,5 @@
 {...}: {
 imports = [
- # ./authelia.nix
 # ./caddy.nix
 # ./excalidraw.nix
 # ./fail2ban.nix
@@ -9,7 +8,6 @@
 # ./gitea.nix
 # ./homepage.nix
 # # ./llama.nix
- # ./lldap.nix
 # # ./monitoring.nix
 # # ./nextcloud.nix
 # # ./paperless.nix
@@ -19,7 +17,9 @@
 # ./headscale.nix
 # ./shitpost.nix
 ./atuin.nix
- ./immich.nix
+ # ./immich.nix
+ # ./lldap.nix
+ # ./authelia.nix
 ./openssh.nix
 ./tailscale.nix
 ];
diff --git a/nixos/tako/services/openssh.nix b/nixos/tako/services/openssh.nix
index ea7f76e3..80f73359 100644
--- a/nixos/tako/services/openssh.nix
+++ b/nixos/tako/services/openssh.nix
@@ -1,7 +1,7 @@
 {...}: {
 services.openssh = {
 enable = true;
- passwordAuthentication = false;
- permitRootLogin = "prohibit-password";
+ settings.PasswordAuthentication = false;
+ settings.PermitRootLogin = "prohibit-password";
 };
 }
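Review bot: `settings.PermitRootLogin = "prohibit-password";` in the openssh.nix hunk still lets root log in with a key, although deploy.nix in this same commit moves tako's `sshUser` off root. If nothing else connects as root (remote builders and other tooling are not visible in this diff), tighten it to `settings.PermitRootLogin = "no";`. `settings.PasswordAuthentication = false;` does not cover keyboard-interactive logins, so `settings.KbdInteractiveAuthentication = false;` is worth setting alongside it. `./fail2ban.nix` also stays commented out in services/default.nix, which leaves key-only authentication as the only guard on sshd shown here.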