High-sea disk to 40gb.

Pantheon is actually really nice, but unusable for me on nixos because
of how I use ssh agent. KDE provides ksshaskpass as a total
replacement for pinentry, it seems, and Pantheon just uses pinentry.

On nixos, pinentry appears to be Fucked Up, and changing pinentry
binaries to other nixos packages doesn't result in anything besides
more of regular pinentry, which doesn't allow copy paste, which is a
NON STARTER.

FUcking linux.

nix-configs/hosts/hoyden/configuration.nix

@@ -64,13 +64,14 @@ in {
     displayManager.sddm.enable = true;
     desktopManager.plasma5.enable = true;
     windowManager.awesome = {
-      enable = true;
-      luaModules = with pkgs.luaPackages; [
-        luarocks # is the package manager for Lua modules
-        luadbi-mysql # Database abstraction layer
-      ];
-    };
+       enable = true;
+       luaModules = with pkgs.luaPackages; [
+         luarocks # is the package manager for Lua modules
+         luadbi-mysql # Database abstraction layer
+       ];
+     };
   };
+
   services.flatpak.enable = true;
 
   # try and handle some of the dumb long term storage optimiztaion issues with nixos:
@@ -103,7 +104,7 @@ in {
   # Enable touchpad support (enabled default in most desktopManager).
   # services.xserver.libinput.enable = true;
 
-  # enable docker, virtualbox, virtualization shit
+  # enable acker, virtualbox, virtualization shit
   virtualisation.docker.enable = true;
   virtualisation.virtualbox.host.enable = false;
   virtualisation.virtualbox.host.enableExtensionPack = false;
@@ -143,10 +144,7 @@ in {
 
   environment.systemPackages = with pkgs; [
     # build shit
-    morph # ultimately this seems not useful to me; weird errors.
-    nixops
     android-studio
-    deploy-rs
     direnv
     autoconf
     yarn
@@ -159,9 +157,6 @@ in {
     konsole
     patchelf
     docker
-    # jlj dev
-    # python-language-server
-    # python38Packages.python-language-server
     # jlj utils
     # nur.repos.bhipple.talon # this is broken, right now, and there isn't another option to try.
     darktable
@@ -180,7 +175,6 @@ in {
     nodejs_20
     pipenv
     bitwarden
-    chromium
     magic-wormhole
     firefox
     google-chrome
@@ -197,7 +191,6 @@ in {
     keychain
     os-prober
     lsof
-    wireguard-tools
     tailscale
     fortune
     unstable.youtube-dl
@@ -220,10 +213,8 @@ in {
     discord
     konversation
     unstable.signal-desktop
-    newsflash # same maker as feedreader, newer, less features, actively maintained.
     zoom-us
     spectral
-    jitsi-meet-electron
     # jlj de
     syncthingtray
     # unstable.synology-drive-client
@@ -236,8 +227,6 @@ in {
     rofi
     i3lock
     vlc
-    unstable.thunderbird
-    birdtray # tray icon for thunderbird
     peruse
     libsForQt5.ark
     # tauon # this is a good music player but it doesn't come bundled proper in nixos; install via flatpak you bitch
@@ -252,10 +241,8 @@ in {
     kde-gtk-config
     libsForQt5.kde-cli-tools
     arc-kde-theme
-    # jlj games
-    lutris
-    steam
-    vulkan-tools
+    # XFCE stuff
+    xfce.thunar
   ];
 
   # Some programs need SUID wrappers, can be configured further or are
@@ -307,17 +294,6 @@ in {
     fsType = "nfs";
   };
 
-  # this doens't work right
-  # fileSystems."/home/josiah/network-share/sainthood/homes" = {
-  #   #device = "//sainthood.home.jowj.net/volume3/homes/";
-  #   device = "//sainthood.home.jowj.net//volume3/homes/";
-  #   fsType = "cifs";
-  #   options = let
-  #     # this line prevents hanging on network split
-  #     automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
-  #   in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
-  # };
-
   # Open ports in the firewall.
   # networking.firewall.allowedTCPPorts = [ ... ];
   # networking.firewall.allowedUDPPorts = [ ... ];

nix-configs/hosts/hoyden/pantheonn-test.nix

@@ -0,0 +1,342 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+let
+  unstableTarball = fetchTarball
+    "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
+  nurTarball = builtins.fetchTarball
+    "https://github.com/nix-community/NUR/archive/master.tar.gz";
+
+in {
+  imports = [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "hoyden"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Set your time zone.
+  time.timeZone = "US/Central";
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.eno1.useDHCP = true;
+  networking.interfaces.wlp0s20f3.useDHCP = true;
+  
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+  fonts.fonts = with pkgs; [
+    # Serif fonts
+    roboto
+    ttf_bitstream_vera
+    liberation_ttf
+    dejavu_fonts
+
+    # Emoji
+    openmoji-color
+  ];
+
+  fonts.fontconfig = { defaultFonts = { emoji = [ "OpenMoji Color" ]; }; };
+
+  # Enable the X11 windowing system.
+  services.xserver = {
+    enable = true;
+    autoRepeatDelay = 150;
+    # autoRepeatInterval = something; # this is configurable so i'm leaving it here, but not sure that i need it.
+    # displayManager.sddm.enable = true;
+    # desktopManager.plasma5.enable = true;
+    displayManager.lightdm.enable = true;    
+     # windowManager.awesome = {
+     #   enable = true;
+     #   luaModules = with pkgs.luaPackages; [
+     #     luarocks # is the package manager for Lua modules
+     #     luadbi-mysql # Database abstraction layer
+     #   ];
+     # };
+  };
+  services.flatpak.enable = true;
+
+  services.xserver.desktopManager.pantheon.enable = true;  
+
+  # try and handle some of the dumb long term storage optimiztaion issues with nixos:
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
+  };
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # Configure keymap in X11
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.extraConfig = "load-module module-combine-sink";   #troubleshooting a dumb mic issue
+  hardware.pulseaudio.package = pkgs.pulseaudioFull; # troubleshooting a dumb mic issues
+  programs.dconf.enable = true;
+
+
+  # handle bluetooth
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # enable docker, virtualbox, virtualization shit
+  virtualisation.docker.enable = true;
+  virtualisation.virtualbox.host.enable = false;
+  virtualisation.virtualbox.host.enableExtensionPack = false;
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.josiah = {
+    isNormalUser = true;
+    extraGroups =
+      [ "wheel" "audio" "sound" "video" "docker" "vboxusers" "adbusers" ];
+    # My SSH keys.
+    openssh.authorizedKeys.keys = [
+      # Replace this with your SSH key!
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
+    ];
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+
+  nixpkgs.config = {
+    packageOverrides = pkgs: {
+      unstable = import unstableTarball { config = config.nixpkgs.config; };
+      nur = import nurTarball {
+        inherit pkgs;
+      };
+    };
+    permittedInsecurePackages = [ 
+      "python2.7-certifi-2021.10.8"
+      "python2.7-pyjwt-1.7.1"
+      "python-2.7.18.6"
+      "openssl-1.1.1u"
+
+    ]; # required for poetry
+    
+  };
+
+  environment.systemPackages = with pkgs; [
+    # build shit
+    android-studio
+    direnv
+    autoconf
+    yarn
+    automake
+    gnumake
+    wget
+    gcc-arm-embedded
+    xorg.libX11
+    vim
+    konsole
+    patchelf
+    docker
+    # jlj dev
+    # nur.repos.bhipple.talon # this is broken, right now, and there isn't another option to try.
+    darktable
+    digikam
+    offlineimap
+    unzip
+    ansible
+    terraform
+    terraformer
+    awscli2
+    pass
+    gnome.seahorse
+    doctl
+    python38
+    python38Packages.pip
+    python38Packages.setuptools
+    nodejs_20
+    pipenv
+    bitwarden
+    chromium
+    magic-wormhole
+    firefox
+    google-chrome
+    unstable.nyxt
+    emacs
+    vscode
+    emacsPackages.flyspell-correct
+    nixfmt
+    mu
+    ispell
+    obsidian
+    zeal
+    git
+    keychain
+    os-prober
+    lsof
+    wireguard-tools
+    tailscale
+    fortune
+    unstable.youtube-dl
+    unstable.yt-dlp
+    gcc8
+    dfu-util
+    scrot
+    qbittorrent
+    obs-studio
+    texlive.combined.scheme-full
+    # jlj sound
+    pavucontrol
+    blueman
+    bluedevil
+    bluez
+    gnome.cheese
+    gnome3.gnome-tweaks
+    xdotool # Certain kind of wm intearction is possible here?
+    wmctrl
+    # jlj comms
+    unstable.element-desktop
+    slack
+    discord
+    konversation
+    unstable.signal-desktop
+    newsflash # same maker as feedreader, newer, less features, actively maintained.
+    zoom-us
+    spectral
+    jitsi-meet-electron
+    # jlj de
+    syncthingtray
+    barrier
+    pinentry-curses
+    acpi
+    awesome
+    networkmanagerapplet
+    arc-icon-theme
+    rofi
+    i3lock
+    vlc
+    unstable.thunderbird
+    birdtray # tray icon for thunderbird
+    peruse
+    libsForQt5.ark
+    # tauon # this is a good music player but it doesn't come bundled proper in nixos; install via flatpak you bitch
+    # rsi stuff
+    rsibreak
+    workrave
+    unstable.espanso # text expander
+    xclip # c&p from cli / required for espanso
+    libnotify # required for espanso
+    arc-icon-theme
+    # kde specific stuff
+    kde-gtk-config
+    libsForQt5.kde-cli-tools
+    arc-kde-theme
+    # jlj games
+    lutris
+    vulkan-tools
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # services.dbus.packages = [ pkgs.gcr ];
+  # services.pcscd.enable = true;  
+/*   programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+    pinentryFlavor = "curses";
+  };
+ */
+  programs.adb.enable = true;
+
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+  };  
+
+  # List services that you want to enable:
+
+  services = {
+    syncthing = {
+      enable = true;
+      user = "josiah";
+      dataDir = "/home/josiah/dhd"; # Default folder for new synced folders
+      configDir =
+        "/home/josiah/.config/syncthing"; # Folder for Syncthing's settings and keys
+    };
+    tailscale.enable = true;
+    openssh.enable = true;
+  };
+
+  # Configure ssh auth for sudo/pam
+  security.sudo.enable = true;
+  security.pam.enableSSHAgentAuth = true;
+  security.pam.services.sudo.sshAgentAuth = true;
+  security.sudo.wheelNeedsPassword = false;  
+
+  # this works properly
+  fileSystems."/home/josiah/network-share/syn-nas/usenet" = {
+    device = "192.168.1.221:/volume1/usenet";
+    fsType = "nfs";
+  };
+
+  fileSystems."/home/josiah/network-share/sainthood/homes" = {
+    device = "sainthood.home.jowj.net:/volume3/homes/";
+    options = [ "nfsvers=3" ];
+    fsType = "nfs";
+  };
+
+  fileSystems."/home/josiah/network-share/sainthood/sainthouse-wide" = {
+    device = "sainthood.home.jowj.net:/volume4/sainthouse-wide/";
+    options = [ "nfsvers=3" ];
+    fsType = "nfs";
+  };
+
+  # this doens't work right
+  # fileSystems."/home/josiah/network-share/sainthood/homes" = {
+  #   #device = "//sainthood.home.jowj.net/volume3/homes/";
+  #   device = "//sainthood.home.jowj.net//volume3/homes/";
+  #   fsType = "cifs";
+  #   options = let
+  #     # this line prevents hanging on network split
+  #     automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+  #   in ["${automount_opts},credentials=/etc/nixos/smb-secrets"];
+  # };
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+}

nix-configs/hosts/hoyden/xfce-test.nix

@@ -0,0 +1,319 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+let
+  unstableTarball = fetchTarball
+    "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
+  nurTarball = builtins.fetchTarball
+    "https://github.com/nix-community/NUR/archive/master.tar.gz";
+
+in {
+  imports = [ # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+  ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "hoyden"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # Set your time zone.
+  time.timeZone = "US/Central";
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.eno1.useDHCP = true;
+  networking.interfaces.wlp0s20f3.useDHCP = true;
+  
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+  fonts.fonts = with pkgs; [
+    # Serif fonts
+    roboto
+    ttf_bitstream_vera
+    liberation_ttf
+    dejavu_fonts
+
+    # Emoji
+    openmoji-color
+  ];
+
+  fonts.fontconfig = { defaultFonts = { emoji = [ "OpenMoji Color" ]; }; };
+
+  # Enable the X11 windowing system.
+  services.xserver = {
+    enable = true;   
+    autoRepeatDelay = 150;
+    # autoRepeatInterval = something; # this is configurable so i'm leaving it here, but not sure that i need it.
+    desktopManager = {
+      xterm.enable = false;
+      xfce = {
+        enable = true;
+        noDesktop = true;
+        enableXfwm = false;
+      };
+    };
+    displayManager.defaultSession = "xfce+awesome";
+    windowManager.awesome = {
+       enable = true;
+       luaModules = with pkgs.luaPackages; [
+         luarocks # is the package manager for Lua modules
+         luadbi-mysql # Database abstraction layer
+       ];
+     };    
+  }; 
+  
+/*   xdg.portal.enable = true;
+  services.flatpak.enable = true; */
+
+  # try and handle some of the dumb long term storage optimiztaion issues with nixos:
+  nix.gc = {
+    automatic = true;
+    dates = "weekly";
+    options = "--delete-older-than 30d";
+  };
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # Configure keymap in X11
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+  hardware.pulseaudio.extraConfig = "load-module module-combine-sink";   #troubleshooting a dumb mic issue
+  hardware.pulseaudio.package = pkgs.pulseaudioFull; # troubleshooting a dumb mic issues
+  programs.dconf.enable = true;
+
+
+  # handle bluetooth
+  hardware.bluetooth.enable = true;
+  services.blueman.enable = true;
+  
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # enable acker, virtualbox, virtualization shit
+  virtualisation.docker.enable = true;
+  virtualisation.virtualbox.host.enable = false;
+  virtualisation.virtualbox.host.enableExtensionPack = false;
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.josiah = {
+    isNormalUser = true;
+    extraGroups =
+      [ "wheel" "audio" "sound" "video" "docker" "vboxusers" "adbusers" ];
+    # My SSH keys.
+    openssh.authorizedKeys.keys = [
+      # Replace this with your SSH key!
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
+    ];
+  };
+
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+
+  nixpkgs.config = {
+    packageOverrides = pkgs: {
+      unstable = import unstableTarball { config = config.nixpkgs.config; };
+      nur = import nurTarball {
+        inherit pkgs;
+      };
+    };
+    permittedInsecurePackages = [ 
+      "python2.7-certifi-2021.10.8"
+      "python2.7-pyjwt-1.7.1"
+      "python-2.7.18.6"
+      "openssl-1.1.1u"
+
+    ]; # required for poetry
+    
+  };
+
+  environment.systemPackages = with pkgs; [
+    # build shit
+    android-studio
+    direnv
+    autoconf
+    yarn
+    automake
+    gnumake
+    wget
+    gcc-arm-embedded
+    xorg.libX11
+    vim
+    konsole
+    patchelf
+    docker
+    # jlj utils
+    # nur.repos.bhipple.talon # this is broken, right now, and there isn't another option to try.
+    darktable
+    digikam
+    offlineimap
+    unzip
+    ansible
+    terraform
+    terraformer
+    awscli2
+    pass
+    doctl
+    python38
+    python38Packages.pip
+    python38Packages.setuptools
+    nodejs_20
+    pipenv
+    bitwarden
+    magic-wormhole
+    firefox
+    google-chrome
+    unstable.nyxt
+    emacs
+    vscode
+    emacsPackages.flyspell-correct
+    nixfmt
+    mu
+    ispell
+    obsidian
+    zeal
+    git
+    keychain
+    os-prober
+    lsof
+    tailscale
+    fortune
+    unstable.youtube-dl
+    unstable.yt-dlp
+    gcc8
+    dfu-util
+    scrot
+    qbittorrent
+    obs-studio
+    texlive.combined.scheme-full
+    # jlj sound
+    pavucontrol
+    blueman
+    bluedevil
+    bluez
+    gnome.cheese
+    # jlj comms
+    unstable.element-desktop
+    slack
+    discord
+    konversation
+    unstable.signal-desktop
+    zoom-us
+    spectral
+    # jlj de
+    syncthingtray
+    # unstable.synology-drive-client
+    barrier
+    pinentry
+    acpi
+    awesome
+    networkmanagerapplet
+    arc-icon-theme
+    rofi
+    i3lock
+    vlc
+    peruse
+    libsForQt5.ark
+    # tauon # this is a good music player but it doesn't come bundled proper in nixos; install via flatpak you bitch
+    # rsi stuff
+    rsibreak
+    workrave
+    unstable.espanso # text expander
+    xclip # c&p from cli / required for espanso
+    libnotify # required for espanso
+    arc-icon-theme
+    # kde specific stuff
+    kde-gtk-config
+    libsForQt5.kde-cli-tools
+    arc-kde-theme
+    # XFCE stuff
+    #xfce.thunar
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+    pinentryFlavor = "gnome3";
+  };
+
+  programs.adb.enable = true;
+
+  # List services that you want to enable:
+
+  services = {
+    syncthing = {
+      enable = true;
+      user = "josiah";
+      dataDir = "/home/josiah/dhd"; # Default folder for new synced folders
+      configDir =
+        "/home/josiah/.config/syncthing"; # Folder for Syncthing's settings and keys
+    };
+    tailscale.enable = true;
+    openssh.enable = true;
+  };
+
+  # Configure ssh auth for sudo/pam
+  security.sudo.enable = true;
+  security.pam.enableSSHAgentAuth = true;
+  security.pam.services.sudo.sshAgentAuth = true;
+  security.sudo.wheelNeedsPassword = false;  
+
+  # this works properly
+  fileSystems."/home/josiah/network-share/syn-nas/usenet" = {
+    device = "192.168.1.221:/volume1/usenet";
+    fsType = "nfs";
+  };
+
+  fileSystems."/home/josiah/network-share/sainthood/homes" = {
+    device = "sainthood.home.jowj.net:/volume3/homes/";
+    options = [ "nfsvers=3" ];
+    fsType = "nfs";
+  };
+
+  fileSystems."/home/josiah/network-share/sainthood/sainthouse-wide" = {
+    device = "sainthood.home.jowj.net:/volume4/sainthouse-wide/";
+    options = [ "nfsvers=3" ];
+    fsType = "nfs";
+  };
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  networking.firewall.enable = false;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+}

terraform/bikeshed/.terraform.lock.hcl

@@ -1,6 +1,30 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 
+provider "registry.terraform.io/digitalocean/digitalocean" {
+  version     = "2.29.0"
+  constraints = "~> 2.29.0"
+  hashes = [
+    "h1:OLSxMaqLOUl6DjQ3vz14odCyMCcLA63ltBNPgrIQHG4=",
+    "zh:0af0a1a2de818c5dc8ee7ad4dc4731452848e84cfa0c1ce514af1c7aad15c53c",
+    "zh:27229f3162b4142be48554f56227265982f3b74e4c79fa5d2528c8a3912d1e19",
+    "zh:31d6e73bfe12231fa0ab3bbeef0e4aa9822a2008ae2a1a8b22557bdada4af7a3",
+    "zh:6e7417413e96b87a11d47e9acbc88e6d707a6ab23a7de6b584fc600d9d3cbf00",
+    "zh:9faf40798a698b80e8d56e502c220856d2d5f55d5137b9cf5371f2fdaeadd70a",
+    "zh:b9ab9caf21b3f928fdd891e749fd8d33f6d441b39a08d725edf58cf8027a9b7b",
+    "zh:be32b3a35474f8acbab4d0ad8676810fa05a87918cc1874b53672159005016c0",
+    "zh:c2e8f7c08cad44b46e2e5580183e1ef2a4f1803347de136d1a35f333973a25f0",
+    "zh:cf0aba5b5042c762da489050716815652f809f3ef0ededb0f981f11691dbef03",
+    "zh:d1c0874c0ae0aa1eae86dbd131978796303599709c35b5dee926887d375f4cc8",
+    "zh:d4eecb61e763950a5a0f40cddc7a58345419a522b783aae7b0703309a354bb0c",
+    "zh:d866df86dd78eb2a9e54ebff637301522766710bb6dc7f8e330f1146822b62ee",
+    "zh:da51541ef96d0a5745740dc623bff3ccfb6b098b548d78cf5e9d95a15c69963a",
+    "zh:ede343be1528b468feae3a1cbf781e223f63ce33446a008a42f2fb799a23b436",
+    "zh:f20a60e2cecd29bbcc73d59e95aca368e2c55b7648f1923df2c0f7578026b048",
+    "zh:fccaf963f2db1e271e9d28276172910ca6b95471b8e0dfac758daf0495ce17f5",
+  ]
+}
+
 provider "registry.terraform.io/telmate/proxmox" {
   version     = "2.7.4"
   constraints = "2.7.4"

terraform/bikeshed/high-sea.tf

@@ -0,0 +1,50 @@
+provider "proxmox" {
+    # url is the hostname (FQDN if you have one) for the proxmox host you'd like to connect to to issue the commands.
+    pm_api_url = "https://192.168.1.230:8006/api2/json"
+    pm_api_token_id = var.PM_API_TOKEN_ID
+    pm_api_token_secret = var.PM_API_TOKEN_SECRET
+    pm_tls_insecure = true
+}
+
+resource "proxmox_vm_qemu" "high-sea" {
+    name = "high-sea" 
+    target_node = var.high-sea-host
+    clone = var.template_name
+    # basic VM settings here. agent refers to guest agent
+    agent = 1
+    os_type = "debian"
+    cores = 2
+    sockets = 1
+    cpu = "host"
+    memory = 4096
+    scsihw = "virtio-scsi-pci"
+    bootdisk = "scsi0"
+    disk {
+        slot = 0
+        # set disk size here. leave it small for testing because expanding the disk takes time.
+        size = "40G"
+        type = "scsi"
+        storage = "sainthood-cifs"
+        iothread = 0
+    }
+    
+    # if you want two NICs, just copy this whole network section and duplicate it
+    network {
+        model = "virtio"
+        bridge = "vmbr0"
+    }
+    # not sure exactly what this is for. presumably something about MAC addresses and ignore network changes during the life of the VM
+    lifecycle {
+        ignore_changes = [
+            network,
+        ]
+    }
+    
+    ipconfig0 = "ip=10.10.1.10/24,gw=10.98.1.1"
+    
+    # sshkeys set using variables. the variable contains the text of the key.
+}
+
+# Configure DO DNS after VM is build. A record to point to machine?
+
+

terraform/bikeshed/main.tf_test

@@ -1,12 +1,3 @@
-terraform {
-    required_providers {
-	proxmox = {
-	    source = "telmate/proxmox"
-	    version = "2.7.4"
-	}
-    }
-}
-
 provider "proxmox" {
     # url is the hostname (FQDN if you have one) for the proxmox host you'd like to connect to to issue the commands. my proxmox host is 'prox-1u'. Add /api2/json at the end for the API
     pm_api_url = "https://192.168.1.230:8006/api2/json"

terraform/bikeshed/provider.tf

@@ -0,0 +1,31 @@
+terraform {
+    required_providers {
+	proxmox = {
+	    source = "telmate/proxmox"
+	    version = "2.7.4"
+	    }
+	digitalocean = {
+	    source = "digitalocean/digitalocean"
+	    version = "~> 2.29.0"
+	    }
+    }
+    backend "s3" {
+        key      = "bikeshed/terraform.tfstate"
+        bucket   = "deploy-state"
+        region   = "us-west-2"
+        endpoint = "https://sfo2.digitaloceanspaces.com"
+        skip_region_validation      = true
+        skip_credentials_validation = true
+        skip_metadata_api_check     = true
+
+        # This is actually not needed, but declaring it here helps me remember where its supposed to live.	
+        # You gotta comment these out when initing the terraform backend? for some reason.
+        shared_credentials_files = ["~/.aws/credentials"]
+        shared_config_files = ["~/.aws/config"]    	
+    }
+}
+
+
+provider "digitalocean" {
+    token = var.DO_PAT
+}

terraform/bikeshed/vars.tf

@@ -1,8 +1,13 @@
 variable "proxmox_host" {
     default = "demiurge"
 }
+
 variable "template_name" {
-    default = "debian-template"
+    default = "debian-template-cifs"
+}
+
+variable "high-sea-host" {
+    default = "seraph"
 }
 
 variable "PM_API_TOKEN_ID" {
@@ -11,7 +16,13 @@ variable "PM_API_TOKEN_ID" {
     sensitive   = true
 }
 variable "PM_API_TOKEN_SECRET" {
-    description = "Secret for prooxmox management."
+    description = "Secret for proxmox management."
     type        = string
     sensitive   = true    
 }
+
+variable "DO_PAT" {
+    description = "Personal access token for managing DO infra."
+    type        = string
+    sensitive   = true
+}