Update default.nix

agenix?

skydick: switch Samba to ldapsam, rename ylw→ye-lw21, drop legacy datasets ...

- Samba passdb backend changed from tdbsam to ldapsam:ldap://10.0.0.1
- Added samba-ldap-admin-password oneshot to seed LDAP admin cred before smbd
- Pinned storage group to GID 997 to match LDAP posixGroup
- Renamed ylw to ye-lw21 across all hosts (users.nix, skydick, xlab-gateway)
- Removed legacy tmpfiles and NFS exports (share/backup/torrent/vm destroyed)
- Added bootstrap LDIF for sambaDomain, storage group, machines OU

Co-Authored-By: Claude Opus 4.6 <[email protected]>

users: equalize ldx and ylw permissions ...

- Add ylw to NOPASSWD sudo rule (matching ldx for deploy-rs)
- Add ldx hashedPassword on xlab-gateway (matching ylw)

Co-Authored-By: Claude Opus 4.6 <[email protected]>

users: unify ylw as common admin, keep host-specific passwords and groups ...

Move ylw base identity (isNormalUser, wheel, SSH key) to modules/users.nix
alongside ldx. Host configs retain only extra groups and hashedPassword.
Also renames ye-lw21 to ylw on skydick.

Co-Authored-By: Claude Opus 4.6 <[email protected]>

xlab-gateway: fix ylw user missing isNormalUser and add wheel group ...

Co-Authored-By: Claude Opus 4.6 <[email protected]>

add ylw user to xlab-gateway

xlab-gateway: add hardware-configuration.nix, disable wait-online ...

- Import generated hardware-configuration.nix (Intel CPU microcode,
  boot modules for ehci_pci, ahci, nvme, kvm-intel)
- Disable systemd-networkd-wait-online (gateway doesn't need to block
  boot waiting for WireGuard interfaces)

Co-Authored-By: Claude Opus 4.6 <[email protected]>

Initial skyworks infrastructure flake ...

Unified NixOS configuration for skydick (storage server) and
xlab-gateway (lab router). Flat module structure with shared
common/users/ssh modules, agenix secrets, disko, and deploy-rs.

Co-Authored-By: Claude Opus 4.6 <[email protected]>