Diffstat (limited to 'users/timmy')
-rw-r--r--users/timmy/default.nix78
-rw-r--r--users/timmy/home.nix65
-rw-r--r--users/timmy/hosts.nix10
-rw-r--r--users/timmy/localization.nix14
-rw-r--r--users/timmy/nas.nix35
-rw-r--r--users/timmy/printing.nix39
-rw-r--r--users/timmy/repos.nix48
-rw-r--r--users/timmy/resources/secrets/hashed-root-password.yaml34
-rw-r--r--users/timmy/resources/secrets/wpa_supplicant-conf.yaml16
-rw-r--r--users/timmy/user.nix22
-rw-r--r--users/timmy/wifi.nix25
11 files changed, 386 insertions, 0 deletions
diff --git a/users/timmy/default.nix b/users/timmy/default.nix
new file mode 100644
index 0000000..3a8a4e3
--- /dev/null
+++ b/users/timmy/default.nix
@@ -0,0 +1,78 @@
+{ lib, config, pkgs, home-manager, ... }: let
+ cfg = config._users.timmy;
+ username = "timmy";
+ fullname = "Tim Keller";
+ home = "/home/${username}";
+ sshKeyPaths = [ "${home}/.ssh/id_ed25519" ];
+ #sshPublicKeyPaths = lib.map (keyPath: keyPath + ".pub") sshKeyPaths;
+ sshPublicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnsnAWcz46OVi1MWSxpOIUtUvwalijDwvW+oEvNjzep" ];
+in {
+ options._users.${username} = {
+ enable = lib.mkEnableOption "create user ${username}";
+ autologin.enable = lib.mkEnableOption "enables getty automatic login";
+ };
+
+ # FIXME
+ imports = [
+ ./hosts.nix
+ ./localization.nix
+ ./nas.nix
+ ./printing.nix
+ ./repos.nix
+ ./user.nix
+ ./wifi.nix
+ ];
+
+ config = lib.mkIf cfg.enable {
+ # Setup zsh
+ programs.zsh = {
+ enable = true;
+ _zshenv = {
+ enable = true;
+ exports = {
+ ZDOTDIR = "$HOME/.config/zsh";
+ };
+ };
+ };
+ #environment.systemPackages = [ pkgs.zsh-fast-syntax-highlighting ]; # TODO
+
+ # Setup normal user
+ users.users.${username} = {
+ inherit home;
+ description = fullname;
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = [
+ "nixbld"
+ "video"
+ "wheel"
+ ] ++ lib.optionals config.hardware.i2c.enable [
+ "i2c"
+ ] ++ lib.optionals config.virtualisation.libvirtd.enable [
+ "libvirtd"
+ ] ++ lib.optionals config.virtualisation.docker.enable [
+ "docker"
+ ];
+ };
+
+ # Configure automatic login with getty
+ services.getty = lib.mkIf cfg.autologin.enable {
+ autologinUser = username;
+ };
+
+ # Configure sops age key paths since age keys are generated via ssh private key
+ sops.age = { inherit sshKeyPaths; };
+
+ # Add authorizedKeys to cgit service
+ services._cgit.ssh.authorizedKeys = {
+ keys = sshPublicKeys;
+ #keyFiles = sshPublicKeyPaths;
+ };
+
+ # Configure user home
+ home-manager.users.${username} = {
+ imports = [ ./home.nix ];
+ _users.${username}.home.enable = lib.mkDefault true;
+ };
+ };
+}
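Review bot: `autologin.enable` gives anyone at the console an unauthenticated session for an account that the `extraGroups` list places in `wheel` and, when Docker is enabled, in `docker`, which is effectively root-equivalent. The option description should state that, for example `lib.mkEnableOption "getty automatic login (console access yields a wheel session)"`, or an assertion could reject autologin together with `docker`. Separately, `sops.age.sshKeyPaths` points at `${home}/.ssh/id_ed25519`, so secret decryption depends on a user-owned key under /home being present and, presumably, not passphrase-protected; a host-level key is the more usual anchor.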
diff --git a/users/timmy/home.nix b/users/timmy/home.nix
new file mode 100644
index 0000000..cb99456
--- /dev/null
+++ b/users/timmy/home.nix
@@ -0,0 +1,65 @@
+{ lib, config, ... }: let
+ cfg = config._users.${username}.home;
+ username = "timmy";
+ email = "tjk@tjkeller.xyz";
+ fullname = "Tim Keller";
+ home = "/home/${username}";
+ userDirs = {
+ desktop = "${home}";
+ download = "${home}/dls";
+ documents = "${home}/docs";
+ pictures = "${home}/pics";
+ # Set these as null so they're not created
+ music = null;
+ publicShare = null;
+ templates = null;
+ videos = null;
+ #projects = "${home}/docs/src"
+ };
+in {
+ options._users.${username}.home = {
+ enable = lib.mkEnableOption "configure home for user ${username}";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Setup home-manager
+ home = {
+ username = username;
+ homeDirectory = home;
+ stateVersion = "24.05";
+ };
+
+ # Setup userdirs
+ xdg.userDirs = {
+ enable = true;
+ createDirectories = true;
+ } // userDirs;
+
+ # Setup git
+ programs.git = {
+ enable = true;
+ settings = {
+ user = {
+ name = fullname;
+ email = email;
+ };
+ merge.tool = "nvimdiff";
+ mergetool.nvimdiff = {
+ cmd = ''nvim -d "$LOCAL" "$MERGED" "$REMOTE"'';
+ prompt = false;
+ };
+ # Unfortunately, this doesn't work for some reason
+ #url = {
+ # "ssh://git@publicgit/".insteadOf = "https://git.tjkeller.xyz/";
+ #};
+ };
+ };
+
+ # Setup gtk bookmarks
+ gtk.gtk3.bookmarks = (
+ lib.mapAttrsToList (name: dir:
+ lib.mkIf (dir != null) "file://${dir} ${lib.toUpper (lib.substring 0 1 name)}${lib.substring 1 (-1) name}" # Make first letter upper case
+ ) userDirs
+ );
+ };
+}
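Review bot: The `gtk.gtk3.bookmarks` list wraps each element in `lib.mkIf (dir != null) …`, which relies on the list option type resolving `mkIf` per element. Filtering first is easier to follow: `lib.mapAttrsToList (name: dir: …) (lib.filterAttrs (_: dir: dir != null) userDirs)`. `username`, `fullname` and `home` are also defined again here after default.nix, so the two copies can drift apart.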
diff --git a/users/timmy/hosts.nix b/users/timmy/hosts.nix
new file mode 100644
index 0000000..16d9619
--- /dev/null
+++ b/users/timmy/hosts.nix
@@ -0,0 +1,10 @@
+{
+ networking.hosts = {
+ "192.168.1.9" = [ "optiplex" ];
+ "192.168.1.30" = [ "localgit" ];
+ "192.168.1.11" = [ "truenas-home" ];
+ "192.168.77.11" = [ "truenas-office" ];
+ "192.168.77.8" = [ "publicgit" "tjkeller" ];
+ "192.168.77.3" = [ "devel" ];
+ };
+}
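Review bot: These `networking.hosts` entries sit outside any `lib.mkIf`, and default.nix imports this file unconditionally (under its `# FIXME`), so every machine importing users/timmy pins these names even with `_users.timmy.enable = false`; localization.nix has the same shape. The addresses are all RFC 1918, so on any other network `publicgit`, `truenas-home` and the rest resolve to whatever device holds that address there, and nas.nix mounts NFS by those names. Consider gating the block, e.g. `config = lib.mkIf config._users.timmy.enable { networking.hosts = { … }; };`, or a per-site option.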
diff --git a/users/timmy/localization.nix b/users/timmy/localization.nix
new file mode 100644
index 0000000..bcbb422
--- /dev/null
+++ b/users/timmy/localization.nix
@@ -0,0 +1,14 @@
+{ lib, config, ... }: {
+ time.timeZone = lib.mkDefault "America/Chicago"; # Overwritten by automatic-timezoned
+ i18n.defaultLocale = "en_US.UTF-8";
+ services.xserver.xkb.layout = "us";
+
+ # Setup static geoclue2 if wifi is disabled
+ services.geoclue2 = {
+ enableStatic = lib.mkDefault (!config._users.timmy.wifi.enable);
+ staticLatitude = 41.881832;
+ staticLongitude = -87.623177;
+ staticAltitude = 600;
+ staticAccuracy = 500;
+ };
+}
diff --git a/users/timmy/nas.nix b/users/timmy/nas.nix
new file mode 100644
index 0000000..8fa28c3
--- /dev/null
+++ b/users/timmy/nas.nix
@@ -0,0 +1,35 @@
+{ lib, config, ... } :
+let
+ cfg = config._users.timmy.nas;
+ mkNetworkFileSystem = device: automount: {
+ device = "${device}";
+ fsType = "nfs";
+ options = [ "defaults" ] ++ lib.optionals (!automount) [ "noauto" ];
+ };
+in {
+ options._users.timmy.nas = {
+ enable = lib.mkEnableOption "enable network shares";
+ home = {
+ enable = lib.mkEnableOption "enable home network shares";
+ automount = lib.mkEnableOption "automount home network shares";
+ };
+ office = {
+ enable = lib.mkEnableOption "enable office network shares";
+ automount = lib.mkEnableOption "automount home network shares";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ fileSystems = lib.optionalAttrs cfg.home.enable {
+ "/media/Storage/Media" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Media" cfg.home.automount;
+ "/media/Storage/Backups" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups" cfg.home.automount;
+ "/media/Storage/Tapes" = mkNetworkFileSystem "truenas-home:/mnt/Storage/Backups/Tapes" cfg.home.automount;
+ "/media/Family Photos" = mkNetworkFileSystem "truenas-home:/mnt/Media/Photos" cfg.home.automount;
+ } // lib.optionalAttrs cfg.office.enable {
+ "/media/chexx/chexx" = mkNetworkFileSystem "truenas-office:/mnt/Storage/chexx" cfg.office.automount;
+ "/media/chexx/tkdocs" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Users/Tim-Keller" cfg.office.automount;
+ "/media/chexx/scans" = mkNetworkFileSystem "truenas-office:/mnt/Storage/Scans" cfg.office.automount;
+ };
+ # TODO auto mkdirz
+ };
+}
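Review bot: `mkNetworkFileSystem` mounts every share with only `defaults` (plus `noauto`), so setuid bits and device nodes stored on the NAS are honoured on the client. Unless a share needs them, add the usual hardening: `options = [ "defaults" "nosuid" "nodev" ] ++ lib.optionals (!automount) [ "noauto" ];`. The description of `office.automount` is a copy of the home one and should read `"automount office network shares"`. `device = "${device}";` can simply be `inherit device;`.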
diff --git a/users/timmy/printing.nix b/users/timmy/printing.nix
new file mode 100644
index 0000000..d5cceab
--- /dev/null
+++ b/users/timmy/printing.nix
@@ -0,0 +1,39 @@
+{ lib, config, pkgs, ... }: {
+ config = lib.mkIf config.services.printing.enable {
+ # Printer drivers
+ services.printing.drivers = [
+ pkgs.epson-escpr2
+ pkgs.workcentre-7800-series
+ ];
+
+ # Scanning programs
+ environment.systemPackages = with pkgs; [
+ epsonscan2
+ ];
+
+ # Printers
+ networking.hosts = {
+ "192.168.1.35" = [ "Epson_ET-8500" ];
+ "192.168.77.40" = [ "Xerox_WorkCentre_7855" ];
+ };
+
+ # Add printers to cups
+ hardware.printers.ensurePrinters = [
+ {
+ name = "Epson_ET-8500";
+ description = "Epson ET-8500";
+ location = "Home";
+ deviceUri = "ipp://Epson_ET-8500:631/ipp/print";
+ model = "epson-inkjet-printer-escpr2/Epson-ET-8500_Series-epson-escpr2-en.ppd";
+ }
+ #{
+ # name = "Xerox_WorkCentre_7855";
+ # description = "Xerox WorkCentre 7855";
+ # location = "Office";
+ # deviceUri = "ipp://Xerox_WorkCentre_7855:631/ipp/print";
+ # model = "everywhere IPP Everywhere";
+ #}
+ ];
+ hardware.printers.ensureDefaultPrinter = "Epson_ET-8500";
+ };
+}
diff --git a/users/timmy/repos.nix b/users/timmy/repos.nix
new file mode 100644
index 0000000..eed0219
--- /dev/null
+++ b/users/timmy/repos.nix
@@ -0,0 +1,48 @@
+{ config, ... }: let
+ server = "https://git.tjkeller.xyz/";
+ # TODO find how to get home manager config instead of nixos config
+ #srcHome = "${config.xdg.userDirs.documents}/src";
+ #configHome = config.xdg.configHome;
+ home = "/home/timmy";
+ srcHome = "${home}/docs/src";
+ configHome = "${home}/.config";
+in {
+ config = {
+ home-manager.users.timmy = {
+ reposync.enable = true;
+ reposync.outOfStoreGitRepository = {
+ config = {
+ inherit server;
+ repository = "dotconfig";
+ targetPrefix = srcHome;
+ stow.".".targetPrefix = configHome;
+ };
+ nixos = {
+ inherit server;
+ targetPrefix = srcHome;
+ };
+ scripts = {
+ inherit server;
+ targetPrefix = srcHome;
+ stow."*".target = ".local/bin";
+ };
+ userscripts = {
+ inherit server;
+ targetPrefix = srcHome;
+ };
+ awesome = {
+ inherit server;
+ targetPrefix = configHome;
+ };
+ nvim = {
+ inherit server;
+ targetPrefix = configHome;
+ };
+ zsh = {
+ inherit server;
+ targetPrefix = configHome;
+ };
+ };
+ };
+ };
+}
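Review bot: The `scripts` entry stows a repository fetched from `server` into `.local/bin`, so whatever that server serves becomes executable on the user's PATH, and nothing visible here pins a revision or checks a signature. The reposync module is outside this diff, so it may do that elsewhere. A short comment stating the trust assumption would help, e.g. `# NOTE: follows the remote unpinned; a compromised server means code execution as timmy`, adjusted to what the module actually does. `home = "/home/timmy"` and the derived paths also repeat values from default.nix and home.nix, as the TODO already admits.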
diff --git a/users/timmy/resources/secrets/hashed-root-password.yaml b/users/timmy/resources/secrets/hashed-root-password.yaml
new file mode 100644
index 0000000..aead57a
--- /dev/null
+++ b/users/timmy/resources/secrets/hashed-root-password.yaml
@@ -0,0 +1,34 @@
+hashed-root-password: ENC[AES256_GCM,data:7Qgoeb/6JPNupkHCBEzCs0FMP2cDEw972bjCRWeMrBrAMZzLsZc3Mbv03s1zLztUp6Ie93R5lVsamxKPUnaPt+Tnr/l+0E9aTmt7j7L6UzmWr12nj3FHxxTSU9ief6+ioIk+S4eICJspIQ==,iv:VoWP4qBCGzuYRpQw4nilUXByJ+ZwyZR/BdKowi+53DM=,tag:x6A00VCm8BEOhtv/WySXrQ==,type:str]
+sops:
+ age:
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBraEhrNTZaMjVQQUdYOUU5
+ MURZVTcxRWxBRC9HMEg3amtsNE1qWEdsSkc4CmRYaVZxT0I3eHphbHAydzUwZEVH
+ UU1FL0J2bW5yMWYxeDAydlhOZ3dvbmcKLS0tIGwzcWtZbmI5aG9tSXF1d3hlelg3
+ dEczZGlSWmg0OEhoeERSSUMxVHR4a00Kwe7zenWUpfI+NxCM6m208smw6vGuPb7x
+ UF3d0LvQ7YJqlUsuuUjaBQcx0EHgjYH6NiT3ZimeBJJ4WfYEi87hkw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1f0tmpy2nam58skmznjyqd3zf54rxtfrk6fda0vlpq9y3yg6wac7sjf0vja
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBISklHVjNLWkN6WmlRWGhv
+ LzczV3g5N1NKYWFGd09laWtmYU5RUUJDWkdRCkxBb2FRNnh1d3lIYVVNd0h3NG9M
+ VHkrZmpYbVdtc1hjR29vaTduOUtBQzQKLS0tIFF5Z1l3N25kaHdVNGI2aTJaQU90
+ SXdjTmdnUU5zdXlEVzM1cnl6R096QjgK1ZscVvYvEpiDgCXOaduqZ+aT1lCD2HBS
+ eOpseCvD78JQym55CWvZEGHjmZOH3+Ay2Wd0+W2Z9E43yKxIkT/Nng==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1zfvmt2avdlfz0fvchczplc84u7m8vqausm7zytl9s4x9m9yax4cqy30zpz
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIZHVaTTNsWlQ2Ynk0WVNY
+ QkNEOUwvNXI0ZUdNSFZUdVJsQnh1NUZlbm13Ckg0NG1HU1pMOS9UZWJGaFBCQWth
+ VHZkdFB3RHEwMEhqZ3RtNmpzYUZPczQKLS0tIEwrVGViSTZGTGIrUnBBeGl0Mk1R
+ ZmZvWk9paVc2YmN5R0xZUmU2cmc0VDQKQVbliGNMYdEKW+z5f/yEnVvxIJFeA5h8
+ l6d9kxegWkQtQCBqEAC7+0ftDC/BnzdZD9aQAA/VeNNwtkrXib7YZQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-07-17T22:34:07Z"
+ mac: ENC[AES256_GCM,data:B95HuJC2o8B+P1f9kAtJTcSty7YSAByuqe/Xs6ce6780p05FuzWM5X9bwvwsYXngGNKqCHksWf50UXzJ3eyc6y4ISxdxljAv2FmJFKw4NkfGaOMiRLlGPMn1uFpOtkRT+qL0+mupWG/Ap3zcpbxjsDx46PUur+e6yRxlAHw8mGw=,iv:DYobhWK+4+7vOog7BrBASiHrEzzz0P6zqgWxexfcLG8=,tag:skGwUpDEB8e3TCjrxs5peA==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/users/timmy/resources/secrets/wpa_supplicant-conf.yaml b/users/timmy/resources/secrets/wpa_supplicant-conf.yaml
new file mode 100644
index 0000000..5f82025
--- /dev/null
+++ b/users/timmy/resources/secrets/wpa_supplicant-conf.yaml
@@ -0,0 +1,16 @@
+wpa_supplicant-conf: ENC[AES256_GCM,data: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,iv:h59506YhHe5Sq61StpMzGLRtx1Vr+pUoWquJeNjALh4=,tag:dS+7M5p8Xdpk6jfgzTk30w==,type:str]
+sops:
+ age:
+ - recipient: age1w80rc0dnuu8nw99gw64c596qqetm78jdnsqajr0u7ephykekr39qfz8vnv
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxdXBUWXEvRU85Tk1lNWgz
+ ZHpENjdudmRuaEJIeVRHOHlDbWNzK0tQMGs4CmV6MVBpdE5PMTBWMm1PcDVFQ2VM
+ b0IwWDFxLy8xYUcxRVZFSEsyYlBFS1UKLS0tIHpCbDQ0a29TZlVFTGp4aXJCSmJ4
+ ZGxqMFQ1NDk1OHJIOUd0cVV0dzNNQlkKzYX36u0rEq6dMTCJf6OON6LzcEEnAB5A
+ +M9t3OKUUNtwgksjBUEwqBLJ1sU9amijpK63GUxwp74YDtsb0YXHiw==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2026-03-07T16:00:28Z"
+ mac: ENC[AES256_GCM,data:pHvHTZVa9xxiblcWhemSaG6f9tu1KIk8eS8bj3F9guitTwXKdtSpAD6ZXn1IOWRFsAui8yrRjt9COdMjThOaOP2QjnOthJ3TDnfRaZnGoPBRzscsFLf2DApm6QBLokWEFP/1w6WxZQM/ajFo4qsxq0llym1146CEJ/hCqMMmWD8=,iv:GLLi3lIo2wusrZCBXfNMwj5fSoy/6tiP84yyRBXZhsc=,tag:8U+2YBYzx0Pw6OtXB5MsYQ==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.12.1
diff --git a/users/timmy/user.nix b/users/timmy/user.nix
new file mode 100644
index 0000000..2695549
--- /dev/null
+++ b/users/timmy/user.nix
@@ -0,0 +1,22 @@
+{ lib, config, pkgs, userDetails, ... }: let
+ cfg = config._archetypes.tjkeller.setPasswords;
+ hashedPasswordFile = config.sops.secrets.hashed-root-password.path;
+in {
+ options._archetypes.tjkeller.setPasswords = {
+ enable = lib.mkEnableOption "set users password. requires hashed root password from sops";
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Load hashed root password secret
+ sops.secrets.hashed-root-password = {
+ sopsFile = ./resources/secrets/hashed-root-password.yaml;
+ neededForUsers = true;
+ };
+
+ # Apply password file
+ users.users = {
+ root = { inherit hashedPasswordFile; };
+ ${userDetails.username} = lib.mkIf config._archetypes.users.primary.enable { inherit hashedPasswordFile; };
+ };
+ };
+}
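Review bot: `root` and the primary user receive the same `hashedPasswordFile`, so one password unlocks both accounts and the user's login password is also the root password. Since default.nix already puts the user in `wheel`, consider a separate secret for the user, or leaving root without a password and relying on sudo. The option lives under `_archetypes.tjkeller` and uses `userDetails.username`, while the rest of users/timmy uses `_users.timmy` and a literal username, which makes it easy to apply to the wrong account. Because the secret is `neededForUsers`, the key named in `sops.age.sshKeyPaths` (a file under /home in default.nix) presumably has to be readable before users are created.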
diff --git a/users/timmy/wifi.nix b/users/timmy/wifi.nix
new file mode 100644
index 0000000..8c762b0
--- /dev/null
+++ b/users/timmy/wifi.nix
@@ -0,0 +1,25 @@
+{ lib, config, ... }: let
+ cfg = config._users.timmy.wifi;
+in {
+ options._users.timmy.wifi = {
+ enable = lib.mkEnableOption "enables wifi";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.wireless = {
+ enable = true; # Enables wireless support via wpa_supplicant.
+ userControlled.enable = true;
+ allowAuxiliaryImperativeNetworks = true; # Networks defined in aux imperitive networks (/etc/wpa_supplicant.conf)
+ };
+
+ # Load wpa_supplicant.conf secret config
+ sops.secrets.wpa_supplicant-conf = {
+ sopsFile = ./resources/secrets/wpa_supplicant-conf.yaml;
+ };
+
+ # Link /etc/wpa_supplicant.conf -> secret config
+ environment.etc."wpa_supplicant.conf" = {
+ source = config.sops.secrets.wpa_supplicant-conf.path;
+ };
+ };
+}
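Review bot: The secret loaded here, resources/secrets/wpa_supplicant-conf.yaml, is encrypted to a single age recipient, while hashed-root-password.yaml in the same commit lists three. On a host holding only one of the other two keys, enabling `_users.timmy.wifi` would presumably fail at secret decryption. Re-encrypting to the same recipient set (`sops updatekeys` against the matching creation rule, which is outside this diff) would fix that. `userControlled.enable = true` also lets non-root users reconfigure wpa_supplicant through wpa_cli/wpa_gui; a one-line comment on why that is wanted would help.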