From 4d009c46bd57677875c27b8b135673762edb581a Mon Sep 17 00:00:00 2001
From: jay
Date: Sun, 13 Jul 2025 20:17:46 -0400
Subject: [PATCH] Some documentation comments.

---
 nodes/hosts/common/system/nixos.nix | 1 +
 nodes/hosts/common/system/security.nix | 7 +++++--
 nodes/hosts/common/system/sops.nix | 1 +
 nodes/hosts/common/system/users.nix | 8 +++++++-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/nodes/hosts/common/system/nixos.nix b/nodes/hosts/common/system/nixos.nix
index 74f0e1d..b4dbacd 100644
--- a/nodes/hosts/common/system/nixos.nix
+++ b/nodes/hosts/common/system/nixos.nix
@@ -12,5 +12,6 @@
 # Allow unfree packages
 nixpkgs.config.allowUnfree = true;
+ # Use some of our RAM as swap space.
 zramSwap.enable = true;
 }
diff --git a/nodes/hosts/common/system/security.nix b/nodes/hosts/common/system/security.nix
index 9bdc475..3dc6bf7 100644
--- a/nodes/hosts/common/system/security.nix
+++ b/nodes/hosts/common/system/security.nix
@@ -9,11 +9,14 @@
 "unix-group:wheel"
 ];
 };
-
+
+ # For security reasons, we are disabling the use of regular sudo and...
 sudo = {
 enable = lib.mkForce false;
 };
-
+
+ # ...switching over to sudo-rs which is a Rust rewrite of sudo.
+ # See https://cybersecsentinel.com/cve-2025-32463-privilege-escalation-in-sudo-triggers-urgent-linux-patching/.
 sudo-rs = {
 enable = true;
 wheelNeedsPassword = true;
diff --git a/nodes/hosts/common/system/sops.nix b/nodes/hosts/common/system/sops.nix
index 948d960..af967a0 100644
--- a/nodes/hosts/common/system/sops.nix
+++ b/nodes/hosts/common/system/sops.nix
@@ -1,4 +1,5 @@
 { ... }: {
+ # Setting up secrets, incomplete at the moment.
 sops = {
 #defaultSopsFile = ../../../../private/secrets.yaml;
 #secrets = {
diff --git a/nodes/hosts/common/system/users.nix b/nodes/hosts/common/system/users.nix
index 135ec87..44fbac4 100644
--- a/nodes/hosts/common/system/users.nix
+++ b/nodes/hosts/common/system/users.nix
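Review bot: The new comment on `sudo-rs` justifies the switch with CVE-2025-32463, but that was a bug in sudo's chroot (`-R`) handling that, as I recall, was fixed upstream in 1.9.17p1 and patched in nixpkgs, so a reader may conclude the switch is moot once sudo is updated; the durable rationale is structural — a memory-safe reimplementation with a deliberately reduced feature set (sudo-rs does not, to my knowledge, implement the chroot option at all) — and the link should go to the CVE record or the sudo advisory rather than a third-party news page that may disappear. I would write `# Use sudo-rs, a memory-safe Rust reimplementation of sudo with a reduced feature set, as defense in depth; CVE-2025-32463 (sudo chroot privilege escalation, fixed in 1.9.17p1) is the kind of bug that smaller surface does not have.` A caveat is also worth recording in the comment: sudo-rs is a young codebase with its own advisory history, so keeping its package current matters as much as the choice itself. Since `wheelNeedsPassword = true` is already the default, consider adding `execWheelOnly = true;` if the sudo-rs module exposes it as `security.sudo` does, so users outside `wheel` cannot even execute the setuid binary. The `security` attribute set enclosing these options starts before and ends after the hunk.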
@@ -1,16 +1,22 @@
 { ... }: {
- # Define a user account. Don't forget to set a password with ‘passwd’.
+ # Let's setup our user accounts here.
+
 #sops.secrets = {
 # jay_password_hash = { };
 #};
 users = {
+ # mutableUsers forces user passwords to stay as those defined in this file.
+ # With it set to false, you will not be able to change the password for users defined here.
 mutableUsers = false;
 users.jay = {
 isNormalUser = true;
 description = "jay";
 #hashedPasswordFile = config.sops.secrets.jay_password_hash.path;
 hashedPassword = "$y$j9T$oomgQFsMbc0odlNIUXEpq/$dhgLjElzaJuU3rF1wXGcSXFUWC/fP1g5mAPZizKUFQ4";
+
+ # Gamemode group allows gamemode to set cpu governor to performance when games launch.
+ # See https://nixos.wiki/wiki/Gamemode
 extraGroups = [ "networkmanager" "wheel" "gamemode" ];
 };
 };
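Review bot: The yescrypt hash assigned to `hashedPassword` is committed to the repository and, like everything in a NixOS configuration, is copied into the world-readable Nix store on the built host, so any local user can read it and attempt offline cracking; the new comments leave this unexplained, and I would mark it as the temporary state it appears to be, e.g. `# TODO: move to hashedPasswordFile via sops; a hash set here is readable by every local user through /nix/store.` Note also that the module header visible at the top of the hunk is `{ ... }: {` and does not bind `config`, so the commented-out `hashedPasswordFile = config.sops.secrets.jay_password_hash.path;` will fail with an undefined-variable error when re-enabled unless the header becomes `{ config, ... }: {`. The added `mutableUsers` comment understates the option: with it set to false, NixOS also removes any user or group not declared in the configuration on activation and reverts changes made with `passwd` at the next rebuild, which is worth saying instead of only "you will not be able to change the password". The enclosing attribute set closes after the end of the hunk.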