Working refactored (on a test server)

2021-02-25 20:45:50 +00:00 · 2021-02-25 20:45:50 +00:00 · 42e01b0840
commit 42e01b0840
parent 372cf5fc6a
31 changed files with 400 additions and 194 deletions
--- a/config/common.nix
+++ b/config/common.nix
@ -0,0 +1,8 @@
 { config, lib, pkgs, ... }:
 # Config common to all hosts, which don't belong anywhere else
 {
  config = {
    home-manager.users.root = import ../home-manager/root.nix { inherit config lib pkgs; };
  };
 }
--- a/config/default.nix
+++ b/config/default.nix
@ -1,15 +1,14 @@
 { config, lib, pkgs, ... }:
 {
-  config = {
+  imports = [
-    imports = [
+    ./bash.nix
-      ./bash.nix
+    ./common.nix
-      ./domains.nix
+    ./domains.nix
-      ./groups.nix
+    ./groups.nix
-      ./hosts.nix
+    ./hosts.nix
-      ./sites.nix
+    ./sites.nix
-      ./users.nix
+    ./users.nix
-      ./wireless-networks.nix
+    ./wireless-networks.nix
-    ];
+  ];
  };
 }
--- a/config/domains.nix
+++ b/config/domains.nix
@ -2,27 +2,27 @@
 {
  config.fudo.domains = {
-    fudo.org = {
+    "fudo.org" = {
      local-networks = [ "208.81.1.128/28" "208.81.3.112/28" ];
      local-users = [ "niten" "reaper" ];
      local-groups = [ "fudo" "selby" "admin" ];
      admin-users = [ "niten" "reaper" ];
      admin-email = "admin@fudo.org";
      gssapi-realm = "FUDO.ORG";
    };
-    sea.fudo.org = {
+    "sea.fudo.org" = {
      local-networks = [ "10.0.0.0/24" ];
      local-users = [ "niten" "reaper" "xiaoxuan" "ken" ];
      local-groups = [ "fudo" "selby" "admin" ];
      admin-users = [ "niten" ];
      admin-email = "niten@fudo.org";
      gssapi-realm = "FUDO.ORG";
      local-dns = import ./networks/sea.fudo.org.nix { };
    };
-    rus.selby.ca = {
+    "rus.selby.ca" = {
      local-networks = [ "10.0.0.0/24" ];
      local-users = [
@ -37,17 +37,17 @@
        "jess"
        "andrew"
      ];
      local-groups = [ "fudo" "selby" "admin" ];
      local-admins = [ "niten" ];
      admin-email = "niten@fudo.org";
      gssapi-realm = "FUDO.ORG";
      local-dns = import ./networks/rus.selby.ca.nix { };
    };
-    informis.land = {
+    "informis.land" = {
      local-networks = [ ];
      local-users = [ "niten" "viator" ];
      local-groups = [ "admin" ];
      admin-users = [ "niten" ];
      admin-email = "viator@informis.land";
      gssapi-realm = "INFORMIS.LAND";
--- a/config/domains/fudo.org.nix
+++ b/config/domains/fudo.org.nix
@ -0,0 +1,4 @@
 { config, lib, pkgs, ... }:
 {
 }
--- a/config/domains/informis.land.nix
+++ b/config/domains/informis.land.nix
@ -0,0 +1,4 @@
 { config, lib, pkgs, ... }:
 {
 }
--- a/config/domains/rus.selby.ca.nix
+++ b/config/domains/rus.selby.ca.nix
@ -0,0 +1,5 @@
 { config, lib, pkgs, ... }:
 {
 }
--- a/config/domains/sea.fudo.org.nix
+++ b/config/domains/sea.fudo.org.nix
@ -0,0 +1,5 @@
 { config, lib, pkgs, ... }:
 {
 }
--- a/config/groups.nix
+++ b/config/groups.nix
@ -0,0 +1,79 @@
 { config, lib, pkgs, ... }:
 {
  config.fudo.groups = {
    admin = {
      gid = 1000;
      description = "Admin User Group";
      members = [
        "niten"
        "reaper"
        "swaff"
      ];
    };
    fudo = {
      gid = 1001;
      description = "Fudo User Group";
      members = [
        "andrew"
        "animus"
        "anorthe"
        "ark"
        "ben"
        "brian"
        "chad"
        "ckoo"
        "dabar"
        "dana"
        "darryl"
        "debo"
        "flowchart"
        "gaijin"
        "gubbs"
        "helen"
        "jess"
        "jill"
        "jinny"
        "joker4ever"
        "jun"
        "kevin"
        "kevinyinjunjie"
        "kris"
        "laura"
        "leefolio"
        "niten"
        "r3d3"
        "reaper"
        "rob"
        "saphira"
        "slickoil"
        "splat1"
        "stewartd"
        "swaff"
        "theblacksun"
        "xiaoxuan"
        "zimm"
      ];
    };
    selby = {
      gid = 1002;
      description = "Selby User Group";
      members = [
        "andrew"
        "brian"
        "darryl"
        "helen"
        "jess"
        "ken"
        "kevin"
        "laura"
        "niten"
        "rob"
        "vee"
        "xiaoxuan"
      ];
    };
  };
 }
--- a/config/hardware/plato.nix
+++ b/config/hardware/plato.nix
@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 with lib;
 {
  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
@ -53,7 +54,7 @@
    };
  };
-  services.autoScrub.enable = true;
+  services.zfs.autoScrub.enable = true;
  swapDevices = [{ device = "/dev/disk/by-label/plato-swap"; }];
@ -61,7 +62,9 @@
  hardware.bluetooth.enable = false;
-  network = {
+  networking = {
    hostId = substring 0 8 (fileContents /etc/machine-id);
    macvlans = {
      intif0 = {
        interface = "enp1s0";
--- a/config/hosts.nix
+++ b/config/hosts.nix
@ -4,87 +4,44 @@
  config.fudo.hosts = {
    atom = {
      description = "Niten's toy laptop.";
      domain = "sea.fudo.org";
      site = "seattle";
      profile = "laptop";
      enable-gui = false;
      hardware-config = ./hardware/atom.nix;
    };
-    clunk = let
+    clunk = {
      primary-ip = "10.0.0.1";
      internal-interfaces = [ "intif0" ];
      external-interface = "extif0";
      dns-over-https-port = 5353;
    in {
      description = "rus.selby.ca gateway box.";
      domain = "rus.selby.ca";
      site = "russell";
      profile = "gateway-server";
      docker-server = true;
      hardware-config = ./hardware/clunk.nix;
      extra-config = import ./hosts/clunk.nix { };
    };
    france = {
      description = "Primary fudo.org server.";
      domain = "fudo.org";
      site = "portage";
      profile = "server";
      docker-server = true;
      hardware-config = ./hardware/france.nix;
    };
    lambda = {
-      description = "Niten's experiment server.";
+      description = "sea.fudo.org experiment server.";
      domain = "sea.fudo.org";
      site = "seattle";
      profile = "server";
      docker-server = true;
      hardware-config = ./hardware/lambda.nix;
    };
    nostromo = {
      description = "sea.fudo.org gateway box and primary server.";
      domain = "sea.fudo.org";
      site = "seattle";
      profile = "gateway-server";
      docker-server = true;
      hardware-config = ./hardware/nostromo.nix;
    };
    plato = {
      description = "Niten's toy server.";
      domain = "rus.selby.ca";
      site = "russell";
      profile = "server";
      hardware-config = ./hardware/plato.nix;
    };
    procul = {
      description = "informis.land server.";
      domain = "informis.land";
      site = "joes-datacenter-0";
      profile = "server";
      docker-server = true;
      hardware-config = ./hardware/procul.nix;
    };
    spark = {
      description = "Niten's backup desktop.";
      domain = "sea.fudo.org";
      site = "seattle";
      profile = "desktop";
      hardware-config = ./hardware/spark.nix;
    };
    zbox = {
      description = "Niten's primary desktop.";
      domain = "sea.fudo.org";
      site = "seattle";
      profile = "desktop";
      hardware-config = ./hardware/zbox.nix;
    };
  };
 }
--- a/config/hosts/plato.nix
+++ b/config/hosts/plato.nix
@ -15,6 +15,11 @@ with lib; {
      ${pkgs.zfs}/bin/zfs rollback -r zroot/transient/root@blank
    '';
    security.sudo.extraConfig = ''
      # rollback results in sudo lectures after each reboot
      Defaults lecture = never
    '';
    services = {
      openssh = {
        hostKeys = [
--- a/config/profiles/common-ui.nix
+++ b/config/profiles/common-ui.nix
@ -21,6 +21,13 @@ in {
    windowManager.stumpwm.enable = true;
    emacs = {
      enable = true;
      install = true;
      package = pkgs.emacs;
      defaultEditor = true;
    };
    # windowManager.session = pkgs.lib.singleton {
    #   name = "stumpwm";
    #   start = ''
--- a/config/profiles/common.nix
+++ b/config/profiles/common.nix
@ -3,7 +3,7 @@
 with lib;
 let
  # Available to all users on the system. Keep it minimal.
-  global-packages = with pkgs; [ emacs openssh_gssapi vim wget ];
+  global-packages = with pkgs; [ openssh_gssapi vim wget ];
 in {
  environment = {
@ -11,7 +11,7 @@ in {
    systemPackages = global-packages;
-    environment.shellInit = ''
+    shellInit = ''
      ${pkgs.gnupg}/bin/gpg-connect-agent /bye
      export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
    '';
@ -23,11 +23,6 @@ in {
  system.autoUpgrade.enable = true;
  services = {
    emacs = {
      enable = true;
      defaultEditor = true;
    };
    openssh = {
      enable = true;
      startWhenNeeded = true;
--- a/config/profiles/server.nix
+++ b/config/profiles/server.nix
@ -48,13 +48,13 @@ in {
        emacs-nox
        ldns
        ldns.examples
-        jdk12_headless
+        jdk14_headless
        racket-minimal
        reboot-if-necessary
        test-config
      ];
-      noXlibs = true;
+      # noXlibs = lib.mkForce true;
    };
    security = { hideProcessInformation = true; };
@ -63,7 +63,16 @@ in {
    boot.tmpOnTmpfs = true;
-    services.xserver.enable = false;
+    services = {
      xserver.enable = false;
      emacs = {
        enable = true;
        install = true;
        package = pkgs.emacs;
        defaultEditor = true;
      };
    };
    sound.enable = false;
    hardware.pulseaudio.enable = false;
--- a/config/sites/joes-datacenter-0.nix
+++ b/config/sites/joes-datacenter-0.nix
@ -0,0 +1,5 @@
 { config, lib, pkgs, ... }:
 {
 }
--- a/config/sites/portage.nix
+++ b/config/sites/portage.nix
@ -0,0 +1,5 @@
 { config, lib, pkgs, ... }:
 {
 }
--- a/config/sites/russell.nix
+++ b/config/sites/russell.nix
@ -0,0 +1,5 @@
 { config, lib, pkgs, ... }:
 {
 }
--- a/config/sites/seattle.nix
+++ b/config/sites/seattle.nix
@ -0,0 +1,5 @@
 { config, lib, pkgs, ... }:
 {
 }
--- a/config/users.nix
+++ b/config/users.nix
@ -6,84 +6,85 @@
      uid = 10000;
      primary-group = "admin";
      common-name = "Peter Selby";
-      ldap-hashed-password = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA";
+      ldap-hashed-passwd = "{SSHA}dF/5NGkafL8M1kpa3LYZKdh0Pc7a02gA";
-      login-hashed-password =
+      login-hashed-passwd =
        "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
      ssh-authorized-keys = [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDoWkjyeIfgwm0b78weToVYOQSD0RQ0qbNzpsN5NokbIFv2/980kLtnYrQEgIJ/JwMLlT3uJYacbCT5/a6Fb8oLxNpj0AF1EKaWZ3Rrlg72Sq+9SEwJwWWmZizX83sovMwUBMaUp6jWLhAhPpzBW5pfc5YWoc89wxGbELSwzgt5EgHbSJgvDnaHSp3fVaY01wfDXbL/oO160iNe7wv2HLMZu/FkWBkIjz6HmoGJJzYM89bUpHbyYG28lmCHB/8UPog5/BsjOn3/qupgf4zh6mMdMsXLvbR2jVwVjxcEMj9N5nCvc+Y3oi7Mij6VNrWbhkaAJMEzeMhWYrF3/pFQxUqG37aK3d0gw9kp5tMDLIlAPX4y1lfA87pIzoa0+Alql0CJQA1IJvp9SFG7lBmSthWQLmZvwwfoGg/ZjF6rOgsVoZ8TizpQnydWJDr6NboU9LL9Oa64OM5Rs0AU3cR2UbOF4QIcWFJ/7oDe3dOnfZ8QYqx9eXJyxoAUpDanaaTHYBiAKkeOBwQU+MVLKCcONKw9FZclf/1TpDB5b3/JeUFANjHQTv0UXA4YYU7iCx6H7XB4qwwtU9O19CGQYYfCfULX12/fRpYJw6VJaQWyyU4Bn5dk/dcB2nGI36jwbLMfhbUTIApujioAnd/GQIMakHEZ1+syPhMx9BxMkZb99B0A1Q== openpgp:0x4EC95B64"
      ];
-      home = "/home/niten";
+      home-directory = "/home/niten";
      home-manager-config = import ../home-manager/niten.nix { inherit config lib pkgs; };
    };
    andrew = {
      uid = 10001;
      primary-group = "selby";
      common-name = "Andrew Selby";
-      ldap-hashed-password = "";
+      ldap-hashed-passwd = "";
    };
    animus = {
      uid = 10002;
      primary-group = "fudo";
      common-name = "James Frazer";
-      ldap-hashed-password = "";
+      ldap-hashed-passwd = "";
    };
    ark = {
      uid = 10005;
      primary-group = "fudo";
      common-name = "Roger Wong";
-      ldap-hashed-password = "";
+      ldap-hashed-passwd = "";
    };
    ben = {
      uid = 10007;
      primary-group = "fudo";
      common-name = "Ben";
-      ldap-hashed-password = "{MD5}v0jY5bADu30cAR1Uu/eWYQ==";
+      ldap-hashed-passwd = "{MD5}v0jY5bADu30cAR1Uu/eWYQ==";
    };
    chad = {
      uid = 10011;
      primary-group = "fudo";
      common-name = "Chad Isbister";
-      ldap-hashed-password = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
+      ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
    };
    ckoo = {
      uid = 10014;
      primary-group = "fudo";
      common-name = "Jason Bush";
-      ldap-hashed-password = "{MD5}KMFeaBc7e/gVzL/QUT0mYw==";
+      ldap-hashed-passwd = "{MD5}KMFeaBc7e/gVzL/QUT0mYw==";
    };
    dana = {
      uid = 10015;
      primary-group = "fudo";
      common-name = "Dana Eftodie";
-      ldap-hashed-password = "{MD5}+ijTylKau4uot2kGMqKSTA==";
+      ldap-hashed-passwd = "{MD5}+ijTylKau4uot2kGMqKSTA==";
    };
    jill = {
      uid = 10030;
      primary-group = "fudo";
      common-name = "Jill Isbister";
-      ldap-hashed-password = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
+      ldap-hashed-passwd = "{MD5}fQ309GUF2DvHlJ3R+5wNuA==";
    };
    joker4ever = {
      uid = 10033;
      primary-group = "fudo";
      common-name = "Jack Clarke";
-      ldap-hashed-password = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo";
+      ldap-hashed-passwd = "{SSHA}w78XwSax9WywIDujMxEoO7o87d2LDJRo";
    };
    ken = {
      uid = 10035;
      primary-group = "selby";
      common-name = "Ken Selby";
-      ldap-hashed-password = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
+      ldap-hashed-passwd = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
-      login-hashed-password =
+      login-hashed-passwd =
        "$6$EwK9fpbH8$gYVzYY1IYw2/G0wCeUxXrZZqvjWCkCZbBqCOhxowbMuYtC5G0vp.AoYhVKWOJcHJM2c7TdPmAdnhLIe2KYStf.";
    };
@ -91,88 +92,88 @@
      uid = 10049;
      primary-group = "admin";
      common-name = "Jonathan Stewart";
-      ldap-hashed-password = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ==";
+      ldap-hashed-passwd = "{MD5}EBvifhJ6z9dIDx0KWkAPoQ==";
-      login-hashed-password =
+      login-hashed-passwd =
        "$6$a1q2Duoe35hd5$IaZGXPfqyGv9uq5DQm7DZq0vIHsUs39sLktBiBBqMiwl/f/Z4jSvNZLJp9DZJYe5u2qGBYh1ca.jsXvQA8FPZ/";
-      home = "/home/reaper";
+      home-directory = "/home/reaper";
    };
    slickoil = {
      uid = 10052;
      primary-group = "fudo";
      common-name = "Connor Cooley";
-      ldap-hashed-password = "{MD5}8Qrpagi8TYnZQdFoYe02rA==";
+      ldap-hashed-passwd = "{MD5}8Qrpagi8TYnZQdFoYe02rA==";
    };
    splat1 = {
      uid = 10053;
      primary-group = "fudo";
      common-name = "Matt Evans";
-      ldap-hashed-password = "{MD5}JeHNutGTBMHOqFgVlYjfpw==";
+      ldap-hashed-passwd = "{MD5}JeHNutGTBMHOqFgVlYjfpw==";
    };
    swaff = {
      uid = 10055;
      primary-group = "fudo";
      common-name = "Mark Swaffer";
-      ldap-hashed-password = "{MD5}C5gIsLsaKSvIPydu4uzhNg==";
+      ldap-hashed-passwd = "{MD5}C5gIsLsaKSvIPydu4uzhNg==";
    };
    brian = {
      uid = 10056;
      primary-group = "selby";
      common-name = "Brian Selby";
-      ldap-hashed-password = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1";
+      ldap-hashed-passwd = "{crypt}$1$npZLTPEO$p2bTx8TTlCg7XNiivTJsC1";
    };
    rob = {
      uid = 10057;
      primary-group = "selby";
      common-name = "Robert Selby";
-      ldap-hashed-password = "{crypt}HD1ESf1hAGdks";
+      ldap-hashed-passwd = "{crypt}HD1ESf1hAGdks";
    };
    tarbash = {
      uid = 10059;
      primary-group = "fudo";
      common-name = "Neville";
-      ldap-hashed-password = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//";
+      ldap-hashed-passwd = "{crypt}$1$cE6lVNbC$PLjlE9vK77SKNKwJBKiT//";
    };
    darryl = {
      uid = 10060;
      primary-group = "selby";
      common-name = "Darryl Kissick";
-      ldap-hashed-password = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0";
+      ldap-hashed-passwd = "{crypt}$1$oUNTMyKU$oUs6JqBRTPKE9A/sEzlSY0";
    };
    ayumi = {
      uid = 10061;
      primary-group = "fudo";
      common-name = "Ayumi Kira";
-      ldap-hashed-password = "{MD5}5OkpooOLxw94nF1lOfn/ZQ==";
+      ldap-hashed-passwd = "{MD5}5OkpooOLxw94nF1lOfn/ZQ==";
    };
    saphira = {
      uid = 10063;
      primary-group = "fudo";
      common-name = "Elizabeth Stewart";
-      ldap-hashed-password = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns.";
+      ldap-hashed-passwd = "{crypt}$1$cQ/Zq25x$fUQfUtpMB.f3rBWzttPns.";
    };
    banen = {
      uid = 10064;
      primary-group = "fudo";
      common-name = "Travis Neis";
-      ldap-hashed-password = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S.";
+      ldap-hashed-passwd = "{crypt}$1$cyfM/Vni$vIuirRln.MnWActOR6t8S.";
    };
    xiaoxuan = {
      uid = 10065;
      primary-group = "fudo";
      common-name = "Xiaoxuan Jin";
-      ldap-hashed-password = "{MD5}iecbyMpyVkmOaMBzSFy58Q==";
+      ldap-hashed-passwd = "{MD5}iecbyMpyVkmOaMBzSFy58Q==";
-      login-hashed-password =
+      login-hashed-passwd =
        "$6$C8lYHrK7KvdKm/RE$cHZ2hg5gEOEjTV8Zoayik8sz5h.Vh0.ClCgOlQn8l/2Qx/qdxqZ7xCsAZ1GZ.IEyESfhJeJbjLpykXDwPpfVF0";
    };
@ -180,232 +181,232 @@
      uid = 10066;
      primary-group = "fudo";
      common-name = "";
-      ldap-hashed-password = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/.";
+      ldap-hashed-passwd = "{crypt}$1$HzQOn3zV$ogkeS5ByWrFstYo0FhXB/.";
    };
    flowchart = {
      uid = 10067;
      primary-group = "fudo";
      common-name = "BH Bieterse";
-      ldap-hashed-password = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/";
+      ldap-hashed-passwd = "{crypt}$1$lQMZ42RZ$aAOsLHP0i.yfvD1a1EVsA/";
    };
    gubbs = {
      uid = 10068;
      primary-group = "fudo";
      common-name = "Lorcan Gavin";
-      ldap-hashed-password = "{MD5}AIf4bJZyHCnvJVL3YHRnIg==";
+      ldap-hashed-passwd = "{MD5}AIf4bJZyHCnvJVL3YHRnIg==";
    };
    debo = {
      uid = 10069;
      primary-group = "fudo";
      common-name = "Deborah Osti";
-      ldap-hashed-password = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1";
+      ldap-hashed-passwd = "{crypt}$1$5wEBGh/8$Ggp2JAI/rQiBXxJ89G0iq1";
    };
    leefolio = {
      uid = 10070;
      primary-group = "fudo";
      common-name = "Ze Artiste";
-      ldap-hashed-password = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1";
+      ldap-hashed-passwd = "{crypt}$1$LRlAYBst$sS1bPu8yEPrdYkQhoZhAq1";
    };
    zimm = {
      uid = 10071;
      primary-group = "fudo";
      common-name = "Ross Drinkwater";
-      ldap-hashed-password = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY";
+      ldap-hashed-passwd = "{SSHA}er1cgYDNPJsfLwtqYLopKMGMxiZZRGdY";
    };
    gaijin = {
      uid = 10072;
      primary-group = "fudo";
      common-name = "Tetsuo Torigai";
-      ldap-hashed-password = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0";
+      ldap-hashed-passwd = "{crypt}$1$bw8hyDXm$pMLLUtlDlVLwBTZiC0Lzf0";
    };
    anorthe = {
      uid = 10073;
      primary-group = "fudo";
      common-name = "Bonnie Wong";
-      ldap-hashed-password = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK.";
+      ldap-hashed-passwd = "{crypt}$1$DORfHzbp$nJkk0OXd7WzYDxx8LbdMK.";
    };
    stewartd = {
      uid = 10076;
      primary-group = "fudo";
      common-name = "Dwight Stewart";
-      ldap-hashed-password = "{MD5}e2GSmH+l4ZZ808snWsFNYw==";
+      ldap-hashed-passwd = "{MD5}e2GSmH+l4ZZ808snWsFNYw==";
    };
    jess = {
      uid = 10078;
      primary-group = "selby";
      common-name = "Jessica Selby";
-      ldap-hashed-password = "{MD5}2tbtZre16apUTNtRIK98nQ==";
+      ldap-hashed-passwd = "{MD5}2tbtZre16apUTNtRIK98nQ==";
    };
    kevin = {
      uid = 10079;
      primary-group = "selby";
      common-name = "Kevin Selby";
-      ldap-hashed-password = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM.";
+      ldap-hashed-passwd = "{crypt}$1$UYKrkMEe$SAABgc1pCBYgPFIMepNrM.";
    };
    theblacksun = {
      uid = 10080;
      primary-group = "fudo";
      common-name = "Brendan Goodfellow";
-      ldap-hashed-password = "{MD5}Hmw6pFYYT87nmpLp0QxcQw==";
+      ldap-hashed-passwd = "{MD5}Hmw6pFYYT87nmpLp0QxcQw==";
    };
    kris = {
      uid = 10082;
      primary-group = "selby";
      common-name = "Kris Huberdeau";
-      ldap-hashed-password = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y";
+      ldap-hashed-passwd = "{SSHA}RUYeAEUyblnCWa9uBzY9nwsmoksy8P3Y";
    };
    jun = {
      uid = 10083;
      primary-group = "fudo";
      common-name = "Junichi Suzuki";
-      ldap-hashed-password = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h.";
+      ldap-hashed-passwd = "{crypt}$1$ExfgQXb8$b1ihvMRbG2dWbnlmzzI/h.";
    };
    jinny = {
      uid = 10084;
      primary-group = "fudo";
      common-name = "Hye-jin Kim";
-      ldap-hashed-password = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30";
+      ldap-hashed-passwd = "{crypt}$1$6cld82N8$5a9ovCPXSacDmK3TWDaF30";
    };
    helen = {
      uid = 10086;
      primary-group = "selby";
      common-name = "Helen Selby";
-      ldap-hashed-password = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm";
+      ldap-hashed-passwd = "{SSHA}uckUXX09MjYq9++sF3f9b2IY8a9UBIxm";
    };
    vee = {
      uid = 10087;
      primary-group = "selby";
      common-name = "Vee Selby";
-      ldap-hashed-password = "snoinuer";
+      ldap-hashed-passwd = "snoinuer";
    };
    dabar = {
      uid = 10088;
      primary-group = "fudo";
      common-name = "Dan Bernardic";
-      ldap-hashed-password = "{MD5}ULrk46YUeUZQrl0+wAQiWA==";
+      ldap-hashed-passwd = "{MD5}ULrk46YUeUZQrl0+wAQiWA==";
    };
    r3d3 = {
      uid = 10089;
      primary-group = "fudo";
      common-name = "Derek Veroni";
-      ldap-hashed-password = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY=";
+      ldap-hashed-passwd = "{SHA}2XyijGDovUhA1/Z/XR+9h9Ia4fY=";
    };
    laura = {
      uid = 10090;
      primary-group = "selby";
      common-name = "Laura Selby";
-      ldap-hashed-password = "{MD5}MI65czN0duIudMhYH+BU9Q==";
+      ldap-hashed-passwd = "{MD5}MI65czN0duIudMhYH+BU9Q==";
    };
    tuk = {
      uid = 10091;
      primary-group = "fudo";
      common-name = "Taku Koba";
-      ldap-hashed-password = "{MD5}DQuoQluy50128r8MxAmFkQ==";
+      ldap-hashed-passwd = "{MD5}DQuoQluy50128r8MxAmFkQ==";
    };
    aki = {
      uid = 10092;
      primary-group = "fudo";
      common-name = "Akihito Mori";
-      ldap-hashed-password = "{MD5}oGAt2kJGKMqX+CmfV1w/GA==";
+      ldap-hashed-passwd = "{MD5}oGAt2kJGKMqX+CmfV1w/GA==";
    };
    ansyg = {
      uid = 10095;
      primary-group = "fudo";
      common-name = "Anseok Joo";
-      ldap-hashed-password = "{MD5}AHhHl02D3uDmWhPJZ6QPOw==";
+      ldap-hashed-passwd = "{MD5}AHhHl02D3uDmWhPJZ6QPOw==";
    };
    jackie = {
      uid = 10097;
      primary-group = "selby";
      common-name = "Jackie Selby";
-      ldap-hashed-password = "{MD5}fa6JfWySlH63sITsxrTt0Q==";
+      ldap-hashed-passwd = "{MD5}fa6JfWySlH63sITsxrTt0Q==";
    };
    mtopf = {
      uid = 10100;
      primary-group = "fudo";
      common-name = "Michael Topf";
-      ldap-hashed-password = "{MD5}/pleD8SiLhmnRr1RVspNcA==";
+      ldap-hashed-passwd = "{MD5}/pleD8SiLhmnRr1RVspNcA==";
    };
    tat = {
      uid = 10101;
      primary-group = "fudo";
      common-name = "Tatsuro Akano";
-      ldap-hashed-password = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA==";
+      ldap-hashed-passwd = "{MD5}fAV5GX8UdjsXIFjU0Ex4SA==";
    };
    blatzkrieg = {
      uid = 10102;
      primary-group = "fudo";
      common-name = "Brendan Blatz";
-      ldap-hashed-password = "{MD5}1nE/ndFwGbfH/wLagxvt8w==";
+      ldap-hashed-passwd = "{MD5}1nE/ndFwGbfH/wLagxvt8w==";
    };
    ellie = {
      uid = 10103;
      primary-group = "fudo";
      common-name = "Ellie Lee";
-      ldap-hashed-password = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA==";
+      ldap-hashed-passwd = "{MD5}gzjwt+kw2nmvJ1FKFTpSZA==";
    };
    alan = {
      uid = 10104;
      primary-group = "fudo";
      common-name = "Alan Wong";
-      ldap-hashed-password = "{MD5}WhohVE4xfo9RIOw1kG3s1Q==";
+      ldap-hashed-passwd = "{MD5}WhohVE4xfo9RIOw1kG3s1Q==";
    };
    omefire = {
      uid = 10105;
      primary-group = "fudo";
      common-name = "Omar Mefire";
-      ldap-hashed-password = "{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5";
+      ldap-hashed-passwd = "{SSHA}W6KWo26wl/nawpV++wMqsKdwrIwrait5";
    };
    gordon = {
      uid = 10106;
      primary-group = "fudo";
      common-name = "Gordon Stewart";
-      ldap-hashed-password = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0";
+      ldap-hashed-passwd = "{SSHA}jaCOc1ZjCI9klVR+v676lIBOidEg7/u0";
    };
    jeramy = {
      uid = 10107;
      primary-group = "selby";
      common-name = "Jeramy Ewbank";
-      ldap-hashed-password = "{MD5}8j8vTniyRzylmeTNUoRwWA==";
+      ldap-hashed-passwd = "{MD5}8j8vTniyRzylmeTNUoRwWA==";
    };
    lauren = {
      uid = 10108;
      primary-group = "selby";
      common-name = "Lauren Hotel";
-      ldap-hashed-password = "{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR";
+      ldap-hashed-passwd = "{SSHA}1q/MC5LKROlIT1nDrKrMvcFAXFtcQXIR";
-      # ldap-hashed-password = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg==";
+      # ldap-hashed-passwd = "{SSHA}DKnhrycmXSu4HKWFPeBXA9xvZ0ytgXIpZA10tg==";
    };
    # Used to send alerts from grafana
@ -413,14 +414,14 @@
      uid = 10109;
      primary-group = "fudo";
      common-name = "Fudo Metrics";
-      ldap-hashed-password = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1";
+      ldap-hashed-passwd = "{SSHA}FveEVy6kljQZey0xp0nF62SMlO5nATJ1";
    };
    testuser = {
      uid = 10110;
      primary-group = "fudo";
      common-name = "Test User";
-      ldap-hashed-password = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6";
+      ldap-hashed-passwd = "{SSHA}LSz1WjWfjRwAM3xm+QZ71vFj997dnZC6";
    };
    # Used to send messages from the chat server
@ -428,28 +429,28 @@
      uid = 10111;
      primary-group = "fudo";
      common-name = "Fudo Chat";
-      ldap-hashed-password = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7";
+      ldap-hashed-passwd = "{SSHA}XDYAM2JE4PXssywRzO4tVSbn5lUZOgg7";
    };
    kevinyinjunjie = {
      uid = 10112;
      primary-group = "fudo";
      common-name = "Kevin";
-      ldap-hashed-password = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl";
+      ldap-hashed-passwd = "{SSHA}1onx6HPMKCJvmLnRf1tiWFJ1D92DEtnl";
    };
    netinfo = {
      uid = 10113;
      primary-group = "fudo";
      common-name = "Network Info Mailer";
-      ldap-hashed-password = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc";
+      ldap-hashed-passwd = "{SSHA}UQHfW0IzjIbRU6VV+DraxvZFWt0to3oc";
    };
    selby-forum = {
      uid = 10114;
      primary-group = "selby";
      common-name = "Selby Forum";
-      ldap-hashed-password = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q";
+      ldap-hashed-passwd = "{SSHA}f7eDNuwFXRhvants5cJJ/FGtkCKheY2Q";
    };
  };
 }
--- a/default.nix
+++ b/default.nix
@ -1,10 +0,0 @@
 { config, lib, pkgs, local-hostname ? builtins.readFile ./instance-hostname.txt
 , ... }:
 let local-hostname = builtins.readFile ./instance-hostname.txt;
 in {
  lib = lib // { fudo = import ./lib/fudolib.nix { }; };
  instance.hostname = local-hostname;
  imports = [ ./lib ./config ./hardware.nix ];
 }
--- a/hardware.nix
+++ b/hardware.nix
@ -1,6 +1,14 @@
 { config, ... }:
-{
+let
  current-hostname = config.instance.hostname;
  hardware-config = config.fudo.hosts.${current-hostname}.hardware-config;
  import-hardware-config = hostname: {
    imports = [ hardware-config ];
  };
 in {
  imports =
-    [ config.fudo.hosts."${config.fudo.instance.hostname}".hardware-config ];
+    [ (import-hardware-config current-hostname) ];
 }
--- a/initialize.nix
+++ b/initialize.nix
@ -0,0 +1,30 @@
 { hostname, profile, domain, site, home-manager-package, ... }:
 {
  imports = [
    ./lib
    ./config
    ./packages
    (import "${home-manager-package}/nixos")
    (./. + "/config/hardware/${hostname}.nix")
    (./. + "/config/hosts/${hostname}.nix")
    (./. + "/config/profiles/${profile}.nix")
    (./. + "/config/domains/${domain}.nix")
    (./. + "/config/sites/${site}.nix")
  ];
  config = {
    instance = {
      hostname = hostname;
    };
    fudo.hosts."${hostname}" = {
      domain = domain;
      hostname = hostname;
      site = site;
      profile = profile;
    };
  };
 }
--- a/lib/default.nix
+++ b/lib/default.nix
@ -1,6 +1,8 @@
 { lib, config, pkgs, ... }:
 with lib; {
  lib = lib // { fudo = import ./lib/fudolib.nix { }; };
  imports = [
    ./instance.nix
@ -10,9 +12,11 @@ with lib; {
    ./fudo/chat.nix
    ./fudo/client/dns.nix
    ./fudo/dns.nix
    ./fudo/domains.nix
    ./fudo/garbage-collector.nix
    ./fudo/git.nix
    ./fudo/grafana.nix
    ./fudo/hosts.nix
    ./fudo/ipfs.nix
    ./fudo/kdc.nix
    ./fudo/ldap.nix
@ -26,10 +30,13 @@ with lib; {
    ./fudo/postgres.nix
    ./fudo/prometheus.nix
    ./fudo/secure-dns-proxy.nix
    ./fudo/sites.nix
    ./fudo/slynk.nix
    ./fudo/system.nix
    ./fudo/users.nix
    ./fudo/vpn.nix
    ./fudo/webmail.nix
    ./fudo/wireless-networks.nix
    ./informis/cl-gemini.nix
  ];
--- a/lib/fudo/domains.nix
+++ b/lib/fudo/domains.nix
@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  domainOpts = { domain, ... }: {
    options = {
@ -30,6 +31,12 @@ let
        default = [ ];
      };
      local-groups = mkOption {
        type = with types; listOf str;
 	description = "List of groups which should exist within this domain.";
 	default = [ ];
      };
      admin-email = mkOption {
        type = types.str;
        description = "Email for the administrator of this domain.";
--- a/lib/fudo/hosts.nix
+++ b/lib/fudo/hosts.nix
@ -17,6 +17,11 @@ let
        default = "fudo.org";
      };
      site = mkOption {
        type = types.str;
 	description = "Site at which the host is located.";
      };
      local-networks = mkOption {
        type = with types; listof str;
        description =
@ -51,6 +56,12 @@ let
        default = [ ];
      };
      description = mkOption {
        type = types.str;
 	description = "Description of this host.";
 	default = "Another Fudo Host.";
      };
      local-admins = mkOption {
        type = with types; listOf str;
        description =
@ -58,6 +69,17 @@ let
        default = [ ];
      };
      local-groups = mkOption {
        type = with types; listOf str;
 	description = "List of groups which should exist on this host.";
 	default = [ ];
      };
      hardware-config = mkOption {
        type = types.str;
 	description = "Path to the hardware configuration for this host.";
      };
      enable-gui = mkEnableOption "Install desktop GUI software.";
      docker-server = mkEnableOption "Enable Docker on the current host.";
@ -75,7 +97,7 @@ in {
    hostname = config.instance.hostname;
    host-cfg = config.fudo.hosts.${hostname};
    site-name = host-cfg.site;
-    site = config.fudo.site.${site-name};
+    site = config.fudo.sites.${site-name};
    domain-name = host-cfg.domain;
    domain = config.fudo.domain.${domain-name};
@ -96,12 +118,12 @@ in {
    services.cron.mailto = domain.admin-email;
    environment.systemPackages = with pkgs;
-      mkIf (cfg.docker-server) [ docker nix-prefetch-docker ];
+      mkIf (host-cfg.docker-server) [ docker nix-prefetch-docker ];
-    virtualisation.docker = mkIf (cfg.docker-server) {
+    virtualisation.docker = mkIf (host-cfg.docker-server) {
      enable = true;
      enableOnBoot = true;
-      autoprune.enable = true;
+      autoPrune.enable = true;
    };
  };
 }
--- a/lib/fudo/ldap.nix
+++ b/lib/fudo/ldap.nix
@ -3,7 +3,7 @@
 with lib;
 let
-  cfg = config.fudo.auth.server;
+  cfg = config.fudo.auth.ldap-server;
  ldapSystemUserOpts = { name, ... }: {
    options = {
@ -172,7 +172,7 @@ in {
  options = {
    fudo = {
      auth = {
-        server = {
+        ldap-server = {
          enable = mkEnableOption "Fudo Authentication";
          kerberos-host = mkOption {
@ -297,6 +297,7 @@ in {
          mode = "0400";
          user = "openldap";
          group = "openldap";
 	  # FIXME: take arguments!
          text = ''
            mech_list: gssapi external
            keytab: /etc/ldap/ldap.keytab
--- a/lib/fudo/sites.nix
+++ b/lib/fudo/sites.nix
@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  siteOpts = { site, ... }: {
    options = {
@ -27,6 +28,24 @@ let
        default = null;
      };
      local-groups = mkOption {
        type = with types; listOf str;
 	description = "List of groups which should exist at this site.";
 	default = [ ];
      };
      local-users = mkOption {
        type = with types; listOf str;
 	description = "List of users which should exist on all hosts at this site.";
 	default = [ ];
      };
      local-admins = mkOption {
        type = with types; listOf str;
 	description = "List of admin users which should exist on all hosts at this site.";
 	default = [ ];
      };
      enable-monitoring =
        mkEnableOption "Enable site-wide monitoring with prometheus.";
@ -35,12 +54,18 @@ let
        description = "List of nameservers to be used by hosts at this site.";
        default = [ ];
      };
      timezone = mkOption {
        type = types.str;
 	description = "Timezone of the site.";
 	example = "America/Winnipeg";
      };
    };
  };
 in {
  options.fudo.sites = mkOption {
-    type = with types; attrsOf (submodule domainOpts);
+    type = with types; attrsOf (submodule siteOpts);
    description = "Site configurations for all sites known to the system.";
    default = { };
  };
--- a/lib/fudo/users.nix
+++ b/lib/fudo/users.nix
@ -2,8 +2,6 @@
 with lib;
 let
  cfg = config.fudo.users;
  systemUserOpts = { username, ... }: {
    options = {
      username = mkOption {
@ -33,7 +31,7 @@ let
        default = username;
      };
-      uidNumber = mkOption {
+      uid = mkOption {
        type = types.int;
        description = "Unique UID number for the user.";
      };
@ -86,8 +84,9 @@ let
      };
      home-directory = mkOption {
-        type = types.str;
+        type = with types; nullOr str;
        description = "Default home directory for the given user.";
 	default = null;
      };
    };
  };
@ -111,13 +110,19 @@ let
        description = "A list of users who are members of the current group.";
      };
-      gidNumber = mkOption {
+      gid = mkOption {
        type = types.int;
        description = "GID number of the group.";
      };
    };
  };
  list-includes = list: el: isNull (findFirst (this: this == el) null list);
  filterExistingUsers = users: group-members:
    let user-list = attrNames users;
    in filter (username: list-includes user-list username) group-members;
 in {
  options.fudo = {
    users = mkOption {
@ -140,27 +145,28 @@ in {
  };
  config = let
-    local-host = config.fudo.common.hostname;
+    local-host = config.instance.hostname;
-    local-domain = config.fudo.common.domain;
+    local-domain = config.fudo.hosts.${local-host}.domain;
    local-site = config.fudo.hosts.${local-host}.site;
-    local-user-list = config.fudo.hosts."${local-host}".local-users;
+    host-user-list = config.fudo.hosts."${local-host}".local-users;
    domain-user-list = config.fudo.domains."${local-domain}".local-users;
-    local-users = getAttrs (local-user-list ++ domain-user-list) cfg.users;
+    local-users = getAttrs (host-user-list ++ domain-user-list) config.fudo.users;
-    local-group-list = config.fudo.hosts."${local-host}".local-groups;
+    host-admin-list = config.fudo.hosts."${local-host}".local-admins;
    domain-admin-list = config.fudo.domains."${local-domain}".local-admins;
    site-admin-list = config.fudo.sites."${local-site}".local-admins;
    local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list;
    host-group-list = config.fudo.hosts."${local-host}".local-groups;
    domain-group-list = config.fudo.domains."${local-domain}".local-groups;
-    local-groups = getAttrs (local-group-list ++ domain-group-list) cfg.groups;
+    site-group-list = config.fudo.sites."${local-site}".local-groups;
    local-groups = getAttrs (host-group-list ++ domain-group-list ++ site-group-list) config.fudo.groups;
  in {
-    fudo.auth.ldap = let
+    fudo.auth.ldap-server = let
      ldapUsers = (filterAttrs
-        (username: userOpts: userOpts.ldap-hashed-password != null)) cfg.users;
+        (username: userOpts: userOpts.ldap-hashed-password != null)) config.fudo.users;
      list-includes = list: el: isNull (findFirst (this: this == el) list null);
      filterExistingUsers = users: group-members:
        let user-list = attrNames users;
        in filter (username: list-includes user-list username) users;
    in {
      users = mapAttrs (username: userOpts: {
@ -174,31 +180,35 @@ in {
        gid = groupOpts.gid-number;
        description = groupOpts.description;
        members = filterExistingUsers ldapUsers groupOpts.members;
-      }) cfg.groups;
+      }) config.fudo.groups;
      system-users = mapAttrs (username: userOpts: {
        description = userOpts.description;
        hashed-password = userOpts.ldap-hashed-passwd;
-      }) cfg.system-users;
+      }) config.fudo.system-users;
    };
    users = {
      users = mapAttrs (username: userOpts: {
        isNormalUser = true;
-        uid = userOpts.uidNumber;
+        uid = userOpts.uid;
        createHome = true;
        description = userOpts.common-name;
        group = userOpts.primary-group;
-        home = userOpts.home;
+        home = if (userOpts.home-directory != null) then userOpts.home-directory else "/home/${userOpts.primary-group}/${username}";
        hashedPassword = userOpts.login-hashed-passwd;
        openssh.authorizedKeys.keys = userOpts.ssh-authorized-keys;
      }) local-users;
-      groups = mapAttrs (groupname: groupOpts: {
+      groups = (mapAttrs (groupname: groupOpts: {
-        gid = groupOpts.gidNumber;
+        gid = groupOpts.gid;
-        description = groupOpts.description;
+        members = filterExistingUsers local-users groupOpts.members;
-        members = filterExistingUsers localUsers groupOpts.members;
+      }) local-groups) //
-      }) local-groups;
+      {
 	wheel = {
 	  members = local-admins;
 	};
      };
    };
    home-manager.users = let
--- a/lib/fudo/wireless-networks.nix
+++ b/lib/fudo/wireless-networks.nix
@ -18,14 +18,14 @@ let
  };
 in {
-  option.fudo.wireless-networks = mkOption {
+  options.fudo.wireless-networks = mkOption {
    type = with types; listOf (submodule networkOpts);
    description = "A map of wireless networks to attributes (including key).";
    default = { };
  };
  config = {
-    wireless.networks =
+    networking.wireless.networks =
      mapAttrs (network: networkOpts: { psk = networkOpts.key; })
      config.fudo.wireless-networks;
  };
--- a/lib/instance.nix
+++ b/lib/instance.nix
@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 with lib;
 {
  options.instance = {
    hostname = mkOption {
--- a/packages/default.nix
+++ b/packages/default.nix
@ -66,6 +66,10 @@ in {
      buildInputs = oldAttrs.buildInputs ++ [ pkgs.krb5 ];
    });
    gtk3-x11 = pkgs.gtk3.overrideAttrs (oldAttrs: rec {
      buildInputs = oldAttrs.buildInputs ++ [ pkgs.cmake ];
    });
    hll2380dw-cups = import ./hll2380dw-cups.nix {
      inherit (pkgs)
        stdenv fetchurl makeWrapper cups dpkg a2ps ghostscript gnugrep gnused