Refactors user declaration for /hosts and fixes related configs

This commit is contained in:
Chris Toph 2025-05-08 19:19:06 -04:00
parent 704a630a33
commit 5cfde2d467
22 changed files with 122 additions and 266 deletions


@ -8,9 +8,9 @@
...
}:
let
username = config.hostSpec.username;
homeDir = config.hostSpec.home;
shell = config.hostSpec.shell;
username = hostSpec.username;
homeDir = hostSpec.home;
shell = hostSpec.shell;
in
{
imports = lib.flatten [
@ -31,8 +31,6 @@ in
./zoxide.nix
];
inherit hostSpec;
services.ssh-agent.enable = true;
home = {
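Review bot: Whether `hostSpec` is bound as a parameter of this module is not visible here; the first hunk starts at line 8 of the attribute-set pattern and shows only `...` and `}:`, while the other home modules in this commit add an explicit `hostSpec,` parameter line inside their hunks. If the name is not listed above this hunk, `hostSpec.username`, `hostSpec.home` and `hostSpec.shell` fail to evaluate, since `...` only permits unnamed extra arguments without binding them. The parameter set and the `imports`/`home` blocks continue outside these hunks.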


@ -2,13 +2,14 @@
lib,
pkgs,
config,
hostSpec,
...
}:
{
#TODO: Scripts might need a rework
programs.fastfetch =
let
hostname = config.hostSpec.hostName;
hostname = hostSpec.hostName;
logoFile = ./. + "/host/${hostname}.txt";
weather = import ./scripts/weather.nix { inherit pkgs; };
title = import ./scripts/title.nix { inherit pkgs; };


@ -4,12 +4,12 @@
lib,
config,
inputs,
hostSpec,
...
}:
let
# handle = config.hostSpec.handle;
fullName = config.hostSpec.userFullName;
email = config.hostSpec.email;
fullName = hostSpec.userFullName;
email = hostSpec.email;
in
{
programs.git = {
@ -48,7 +48,7 @@ in
];
};
url = lib.optionalAttrs (!config.hostSpec.isMinimal) {
url = lib.optionalAttrs (!hostSpec.isMinimal) {
# Only force ssh if it's not minimal
"ssh://git@github.com" = {
pushInsteadOf = "https://github.com";


@ -3,6 +3,7 @@
pkgs,
config,
lib,
hostSpec,
...
}:
@ -14,7 +15,7 @@ let
# inherit pkgs;
# };
homeDir = config.hostSpec.home;
homeDir = hostSpec.home;
borg-wrapper = pkgs.writeScript "borg-wrapper" ''
#!${lib.getExe pkgs.fish}


@ -19,10 +19,10 @@ in
requires = [ "pool.mount" ];
wantedBy = [ "multi-user.target" ];
script = ''
umount /pool/git
mkdir -p /pool/git
chown ${username}:ryot /pool/git
chmod 2775 /pool/git
rm -rf ${homeDir}/git
ln -sf /pool/git ${homeDir}/git
chown -h ${username}:ryot ${homeDir}/git
'';


@ -17,7 +17,6 @@ in
(map lib.custom.relativeToRoot [
"modules/global"
"hosts/users"
])
];
@ -73,17 +72,6 @@ in
hardware.enableAllFirmware = true;
security.sudo = {
extraRules = [
{
users = [ config.hostSpec.username ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
extraConfig = ''
Defaults lecture = never # rollback results in sudo lectures after each reboot, it's somewhat useless anyway
Defaults pwfeedback # password input feedback - makes typed password visible as asterisks

104
hosts/global/core/user.nix Normal file

@ -0,0 +1,104 @@
# User config applicable only to nixos
{
inputs,
config,
lib,
pkgs,
...
}:
let
hostSpec = config.hostSpec;
username = hostSpec.username;
# Get user-specific secrets if they exist
user = config.secretsSpec.users.${username} or { };
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
isMinimal = hostSpec.isMinimal or false;
in
{
users.groups = {
ryot = lib.mkIf (!isMinimal) {
gid = 1004;
members = [ username ];
};
};
users.mutableUsers = false;
users.users.${username} = {
home = hostSpec.home;
isNormalUser = true;
createHome = true;
description = "Admin";
homeMode = "750";
hashedPassword = user.hashedPassword or hostSpec.hashedPassword;
uid = 1000;
group = if !isMinimal then "ryot" else "users";
shell = hostSpec.shell or pkgs.fish;
extraGroups = lib.flatten [
"wheel"
(ifTheyExist [
"adbusers"
"audio"
"docker"
"gamemode"
"git"
"libvirtd"
"networkmanager"
"video"
])
];
openssh.authorizedKeys.keys = builtins.attrValues config.secretsSpec.ssh.publicKeys or [ ];
};
# Special sudo config for user
security.sudo.extraRules = [
{
users = [ username ];
commands = [
{
command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
# No matter what environment we are in we want these tools for root, and the user(s)
programs.git.enable = true;
# root's ssh key are mainly used for remote deployment, borg, and some other specific ops
users.users.root = {
shell = pkgs.bash;
hashedPassword = lib.mkForce hostSpec.hashedPassword;
openssh.authorizedKeys.keys = builtins.attrValues config.secretsSpec.ssh.publicKeys or [ ];
};
}
// lib.optionalAttrs (inputs ? "home-manager") {
# Setup root home?
home-manager.users.root = lib.optionalAttrs (!isMinimal) {
home.stateVersion = "24.05"; # Avoid error
};
# Set up home-manager for the configured user
home-manager = {
extraSpecialArgs = {
inherit pkgs inputs;
inherit (config) secretsSpec hostSpec;
};
users.${username} = lib.optionalAttrs (!isMinimal) {
imports = [
(
{ config, ... }:
import (lib.custom.relativeToRoot "home/${username}/${hostSpec.hostName}") {
inherit
config
hostSpec
inputs
lib
pkgs
;
}
)
];
};
};
}
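Review bot: The authorized-keys fallback `openssh.authorizedKeys.keys = builtins.attrValues config.secretsSpec.ssh.publicKeys or [ ];`, used for both the user and root, does not do what it appears to: Nix binds `or` to the attribute path, so this is `builtins.attrValues (config.secretsSpec.ssh.publicKeys or [ ])`, and when the secrets attribute is absent `attrValues` receives a list and evaluation fails instead of producing no keys. The fallback should be a set, `builtins.attrValues (config.secretsSpec.ssh.publicKeys or { })`, in both places. The explanatory comment that the deleted hosts/users file carried on `users.mutableUsers = false;` (declarative credentials only, required for the password set during activation) was dropped in the move and is worth restoring next to the line. Since the same key set now authorizes both root and a user with NOPASSWD sudo, the comment above `security.sudo.extraRules` could state that every key in `secretsSpec.ssh.publicKeys` effectively grants root, so readers treat that secret accordingly.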


@ -32,9 +32,6 @@ in
## Optional Configs ##
"hosts/global/common/acme"
"hosts/global/common/docker.nix"
## Host user ##
"hosts/users/${username}" # Not the best solution but I always have one user so ¯\_(ツ)_/¯
])
];


@ -31,9 +31,6 @@ in
## Optional Configs ##
"hosts/global/common/acme"
"hosts/global/common/docker.nix"
## Host User ##
"hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
])
];


@ -26,9 +26,6 @@ in
(map lib.custom.relativeToRoot [
## Required Configs ##
"hosts/global/core"
## Proxy Specific ##
"hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
])
];


@ -28,9 +28,6 @@ in
"hosts/global/core"
## Optional Configs ##
## Nix Specific ##
"hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
])
];


@ -32,9 +32,6 @@ in
## Optional Configs ##
"hosts/global/common/acme"
"hosts/global/common/docker.nix"
## Proxy User ##
"hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
])
];


@ -0,0 +1,4 @@
{ lib, ... }:
{
imports = lib.custom.scanPaths ./.;
}
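Review bot: This new file imports whatever `lib.custom.scanPaths ./.` returns with no comment stating that intent, so a reader cannot tell that dropping any `.nix` file into this directory presumably makes it part of every host that imports the directory (including modules that grant sudo rights). A one-line comment above `imports` would make the contract explicit: `# Every module in this directory is imported automatically; add files here deliberately.` The file's path is not shown on this page, so which hosts pick it up cannot be confirmed from the hunk.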


@ -18,6 +18,8 @@ let
in
{
imports = lib.flatten [
## Rune Only ##
# ./config
## Hardware ##
./hardware.nix
@ -41,12 +43,6 @@ in
"hosts/global/common/nvtop.nix" # GPU monitor (not available in home-manager)
"hosts/global/common/plymouth.nix" # fancy boot screen
"hosts/global/common/vial.nix" # KB setup
# "hosts/global/common/ventura.nix" # macos vm
## Misc Inputs ##
## Rune Specific ##
"hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
])
];


@ -35,9 +35,6 @@ in
# "hosts/global/common/plymouth.nix" # fancy boot screen
## Misc Inputs ##
## VM Specific ##
"hosts/users/${username}" # Not the best solution but I always have just one user so ¯\_(ツ)_/¯
])
];


@ -1,8 +1,5 @@
# TODO:
- I dont like the current system for hosts importing their main user
- I could rework hostSpecs so its imported since flake and manage it like that?
- or just rework the users/default and the hosts/core to just work different...
- Fix up how DEs are configured, its not modular at all rn, i need to be able to select the DE from hostSpec and it should be able to change config per user
- decouple /pool from places its not needed, or should be optional
- some users should not have access to pool or just cant access it cuz not local


@ -1,23 +0,0 @@
{ config, ... }:
let
hostSpec = config.hostSpec;
in
{
users.groups = {
ryot = {
gid = 1004;
members = [ "${hostSpec.username}" ];
};
};
# Set a temp password for use by minimal builds like installer and iso
users.users.${hostSpec.username} = {
isNormalUser = true;
hashedPassword = hostSpec.hashedPassword;
group = "ryot";
extraGroups = [
"wheel"
];
};
}


@ -1,64 +0,0 @@
# User config applicable only to nixos
{
inputs,
config,
lib,
pkgs,
...
}:
let
hostSpec = config.hostSpec;
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
users.groups = {
ryot = {
gid = 1004;
members = [ "${hostSpec.username}" ];
};
};
users.mutableUsers = false; # Only allow declarative credentials; Required for password to be set via sops during system activation!
users.users.${hostSpec.username} = {
home = "${hostSpec.home}";
isNormalUser = true;
createHome = true;
description = "Admin";
homeMode = "750";
hashedPassword = hostSpec.hashedPassword;
uid = 1000;
group = "ryot";
extraGroups = lib.flatten [
"wheel"
# Some of these groups are defined elsewhere in the system
# But honestly not sure what runs first so just add them here i guess
(ifTheyExist [
"adbusers"
"audio"
"docker"
"gamemode"
"git"
"libvirtd"
"networkmanager"
"video"
])
];
};
# No matter what environment we are in we want these tools for root, and the user(s)
programs.git.enable = true;
# root's ssh key are mainly used for remote deployment, borg, and some other specific ops
users.users.root = {
shell = pkgs.bash;
hashedPassword = lib.mkForce hostSpec.hashedPassword;
openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment.
};
}
// lib.optionalAttrs (inputs ? "home-manager") {
# Setup root home?
home-manager.users.root = lib.optionalAttrs (!hostSpec.isMinimal) {
home.stateVersion = "24.05"; # Avoid error
};
}


@ -1,23 +0,0 @@
{ config, ... }:
let
hostSpec = config.hostSpec;
in
{
users.groups = {
ryot = {
gid = 1004;
members = [ "${hostSpec.username}" ];
};
};
# Set a temp password for use by minimal builds like installer and iso
users.users.${hostSpec.username} = {
isNormalUser = true;
hashedPassword = hostSpec.hashedPassword;
group = "ryot";
extraGroups = [
"wheel"
];
};
}


@ -1,23 +0,0 @@
{ config, ... }:
let
hostSpec = config.hostSpec;
in
{
users.groups = {
ryot = {
gid = 1004;
members = [ "${hostSpec.username}" ];
};
};
# Set a temp password for use by minimal builds like installer and iso
users.users.${hostSpec.username} = {
isNormalUser = true;
hashedPassword = hostSpec.hashedPassword;
group = "ryot";
extraGroups = [
"wheel"
];
};
}


@ -1,23 +0,0 @@
{ config, ... }:
let
hostSpec = config.hostSpec;
in
{
users.groups = {
ryot = {
gid = 1004;
members = [ "${hostSpec.username}" ];
};
};
# Set a temp password for use by minimal builds like installer and iso
users.users.${hostSpec.username} = {
isNormalUser = true;
hashedPassword = hostSpec.hashedPassword;
group = "ryot";
extraGroups = [
"wheel"
];
};
}


@ -1,59 +0,0 @@
{
inputs,
pkgs,
config,
lib,
...
}:
let
hostSpec = config.hostSpec;
username = hostSpec.username;
homeDir = hostSpec.home;
_shell = hostSpec.shell;
pubKeys = builtins.attrValues config.secretsSpec.ssh.publicKeys;
in
{
users.users.${username} = {
name = hostSpec.username;
shell = _shell;
# These get placed into /etc/ssh/authorized_keys.d/<name> on nixos
openssh.authorizedKeys.keys = pubKeys;
};
# Create ssh directory when homemanager is not loaded
systemd.tmpfiles.rules =
let
user = config.users.users.${username}.name;
group = config.users.users.${username}.group;
in
[
"d ${homeDir}/.ssh 0750 ${user} ${group} -"
];
programs.fish.enable = true;
}
# Import the user's personal/home configurations, unless the environment is minimal
// lib.optionalAttrs (inputs ? "home-manager") {
home-manager = {
extraSpecialArgs = {
inherit pkgs inputs;
inherit (config) secretsSpec hostSpec;
};
users.${username}.imports = lib.flatten (
lib.optional (!hostSpec.isMinimal) [
(
{ config, ... }:
import (lib.custom.relativeToRoot "home/${username}/${hostSpec.hostName}") {
inherit
pkgs
inputs
config
lib
hostSpec
;
}
)
]
);
};
}