feat: further fixups

nixos/common/access.nix

@@ -2,17 +2,34 @@
 # TODO: solve lib usage
 inherit (lib.lists) concatLists elem;
 inherit (lib.attrsets) mapAttrsToList;
+commonUser = {
+  shell = pkgs.zsh;
+  openssh.authorizedKeys.keys = concatLists (mapAttrsToList
+        (name: user:
+         if elem "wheel" user.extraGroups then
+         user.openssh.authorizedKeys.keys
+         else
+         [ ])
+        config.users.users);
+};
 in {
-  users.users.root = {
-    shell = pkgs.zsh;
-    hashedPassword =
-      "$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB.";
-    openssh.authorizedKeys.keys = concatLists (mapAttrsToList
-          (name: user:
-           if elem "wheel" user.extraGroups then
-           user.openssh.authorizedKeys.keys
-           else
-           [ ])
-          config.users.users);
+  security.sudo.extraRules = [{
+    users = [ "deploy" ];
+    commands = [ {
+      command = "ALL";
+      options = [
+        "NOPASSWD"
+        "SETENV"
+      ];
+    } ];
+  }];
+  users.users = {
+    root = commonUser // {
+      hashedPassword =
+        "$6$i28yOXoo$/WokLdKds5ZHtJHcuyGrH2WaDQQk/2Pj0xRGLgS8UcmY2oMv3fw2j/85PRpsJJwCB2GBRYRK5LlvdTleHd3mB.";
+    };
+    deploy = commonUser // {
+      isNormalUser = true;
+    };
   };
-   }
+}

nixos/common/network.nix

@@ -1,5 +1,7 @@
-_: {
-  networking.nftables.enable = true;
-
+{ machine, ... }: {
+  networking = {
+    hostName = machine;
+    nftables.enable = true;
+  };
   services.tailscale.enable = true;
 }

nixos/gui/fonts.nix

@@ -1,12 +1,9 @@
 { pkgs, ... }: {
   fonts = {
-    fonts = (with pkgs; [
+    fonts = with pkgs; [
       twitter-color-emoji
-    ]) ++ (with pkgs.iosevka-comfy; [
-      comfy
-      comfy-motion
-      comfy-wide
-    ]);
+      iosevka-bin
+    ];
     enableDefaultFonts = true;
     fontDir.enable = true;
     fontconfig = {