many changes I don't remember...

hosts/hyrule/default.nix

@@ -5,8 +5,8 @@
   ...
 }: let
   home-manager = builtins.fetchTarball {
-    url = "https://github.com/nix-community/home-manager/archive/master.tar.gz";
-    sha256 = "19w63qccz78v0spx03911z98w1bvlxvd07hb0ma14a4vdzi4ninj";
+    url = "https://github.com/nix-community/home-manager/archive/release-24.11.tar.gz";
+    sha256 = "0c07xj74vsj37d3a8f98i9rhhhr99ckwlp45n40f0qkmigm3pk8s";
   };
 in {
   # TODO:
@@ -15,11 +15,18 @@ in {
 
   imports = [
     ./hardware-configuration.nix
+    (import "${home-manager}/nixos")
+    #../../flakes/wishlist/wishlist.nix
     #../modules/server/nginx.nix
     #../modules/server/ssh.nix
     #../modules/server/fail2ban.nix
   ];
 
+  # override wishlist with the new cool one!
+  #pkgs.config.packageOverrides = {
+  #  wishlist = inputs.wishlist.packages.x86_64-linux.wishlist;
+  #};
+
   nix.settings = {
     # make wheel group trusted users allows my "ae" user
     # to import packages not signed by a trusted key
@@ -44,7 +51,8 @@ in {
     targetHost = "imbored.dev";
     targetUser = "ae";
     targetPort = 22;
-    sshOptions = ["-i ~/.ssh/id_hyrule"];
+    # the following line is unnecessary if using an ssh agent
+    #sshOptions = ["-i /home/me/.ssh/id_hyrule"];
     #keys = {
     #  "imbored.dev" = {
     #    # text, keyCommand, or keyFile must be set
@@ -72,6 +80,9 @@ in {
         22 # sshd
         80 # nginx
         443 # nginx
+        2222 # wishlist
+        2035 # debug (for my job)
+        5000 # debug (for my job)
       ];
     };
   };
@@ -86,13 +97,27 @@ in {
       # primary user
       ae = {
         isNormalUser = true;
-        extraGroups = ["wheel" "networkmanager"];
+        extraGroups = ["wheel" "networkmanager" "docker"];
         shell = pkgs.bash;
         home = "/home/ae"; # TEMP: remove and replace with home-manager
         packages = with pkgs; [
         ];
       };
 
+      subspace = let
+        # override
+        wishlistBash =
+          pkgs.bash.override {
+          };
+      in {
+        isNormalUser = true;
+        shell = pkgs.bash;
+        home = "/home/subspace";
+        packages = with pkgs; [
+          wishlist
+        ];
+      };
+
       # user for friends to ssh into
       friends = {
         isNormalUser = true;
@@ -104,6 +129,16 @@ in {
     };
   };
 
+  virtualisation.docker.enable = true;
+
+  home-manager = {
+    users = {
+      ae = import ../../homes/ae;
+      subspace = import ../../homes/subspace;
+    };
+    sharedModules = [];
+  };
+
   services = {
     # simple nginx instance to host static construction page
     nginx = {
@@ -127,18 +162,21 @@ in {
       };
     };
 
-    # quick and dirty way temporary way accessing my server
     openssh = {
       enable = true;
       ports = [22];
       settings = {
         PasswordAuthentication = true;
         PermitRootLogin = "no";
-        AllowUsers = ["ae"]; # allow all users by default
+        AllowUsers = ["ae" "subspace"]; # allow all users by default
         UseDns = true;
         X11Forwarding = false;
       };
     };
+
+    #wishlist = {
+    #  enable = true;
+    #};
   };
   # accept Lets Encrypt's security policy (for nginx)
   security.acme = {
@@ -146,16 +184,11 @@ in {
     defaults.email = "eclarkboman@gmail.com";
   };
 
-  #home-manager = {
-  #  users = {
-  #    dev = import ../../homes/dev;
-  #    friends = import ../../homes/friends;
-  #  };
-  #};
-
   environment.systemPackages = with pkgs; [
     vim
     helix
+
+    #wishlist
   ];
 
   programs = {
@@ -172,5 +205,17 @@ in {
     };
   };
 
+  #systemd.services.wishlist = {
+  #  description = "Single entrypoint for multiple SSH endpoints";
+  #  wantedBy = ["multi-user.target"];
+  #
+  #  serviceConfig = {
+  #    DynamicUser = "yes";
+  #    ExecStart = "${pkgs.wishlist}/bin/wishlist serve --config /home/$USER/.ssh/config";
+  #    Restart = "always";
+  #    RestartSec = "2s";
+  #  };
+  #};
+
   system.stateVersion = "24.11"; # DO NOT MODIFY
 }