From 5cfde2d4679c1b30fef9d3f8dcf8d304dc00d54a Mon Sep 17 00:00:00 2001 From: Chris Toph Date: Thu, 8 May 2025 19:19:06 -0400 Subject: [PATCH] Refactors user declaration for /hosts and fixes related configs --- home/toph/common/core/default.nix | 8 +- home/toph/common/core/fastfetch/default.nix | 3 +- home/toph/common/core/git.nix | 8 +- home/toph/common/optional/gaming/switch.nix | 3 +- hosts/global/common/system/pool.nix | 2 +- hosts/global/core/default.nix | 12 --- hosts/global/core/user.nix | 104 ++++++++++++++++++++ hosts/nixos/cloud/default.nix | 3 - hosts/nixos/komodo/default.nix | 3 - hosts/nixos/lxc/default.nix | 3 - hosts/nixos/nix/default.nix | 3 - hosts/nixos/proxy/default.nix | 3 - hosts/nixos/rune/config/default.nix | 4 + hosts/nixos/rune/default.nix | 8 +- hosts/nixos/vm/default.nix | 3 - hosts/readme.md | 3 - hosts/users/cesar/default.nix | 23 ----- hosts/users/default.nix | 64 ------------ hosts/users/gio/default.nix | 23 ----- hosts/users/gio/minimal/default.nix | 23 ----- hosts/users/minimal/default.nix | 23 ----- hosts/users/toph/default.nix | 59 ----------- 22 files changed, 122 insertions(+), 266 deletions(-) create mode 100644 hosts/global/core/user.nix create mode 100644 hosts/nixos/rune/config/default.nix delete mode 100644 hosts/users/cesar/default.nix delete mode 100644 hosts/users/default.nix delete mode 100644 hosts/users/gio/default.nix delete mode 100644 hosts/users/gio/minimal/default.nix delete mode 100644 hosts/users/minimal/default.nix delete mode 100644 hosts/users/toph/default.nix diff --git a/home/toph/common/core/default.nix b/home/toph/common/core/default.nix index ece39db..527da2c 100644 --- a/home/toph/common/core/default.nix +++ b/home/toph/common/core/default.nix @@ -8,9 +8,9 @@ ... }: let - username = config.hostSpec.username; - homeDir = config.hostSpec.home; - shell = config.hostSpec.shell; + username = hostSpec.username; + homeDir = hostSpec.home; + shell = hostSpec.shell; in { imports = lib.flatten [ 
@@ -31,8 +31,6 @@ in ./zoxide.nix ]; - inherit hostSpec; - services.ssh-agent.enable = true; home = { diff --git a/home/toph/common/core/fastfetch/default.nix b/home/toph/common/core/fastfetch/default.nix index 498d11b..15482fd 100644 --- a/home/toph/common/core/fastfetch/default.nix +++ b/home/toph/common/core/fastfetch/default.nix @@ -2,13 +2,14 @@ lib, pkgs, config, + hostSpec, ... }: { #TODO: Scripts might need a rework programs.fastfetch = let - hostname = config.hostSpec.hostName; + hostname = hostSpec.hostName; logoFile = ./. + "/host/${hostname}.txt"; weather = import ./scripts/weather.nix { inherit pkgs; }; title = import ./scripts/title.nix { inherit pkgs; }; diff --git a/home/toph/common/core/git.nix b/home/toph/common/core/git.nix index d23be7a..8b2e332 100644 --- a/home/toph/common/core/git.nix +++ b/home/toph/common/core/git.nix @@ -4,12 +4,12 @@ lib, config, inputs, + hostSpec, ... }: let - # handle = config.hostSpec.handle; - fullName = config.hostSpec.userFullName; - email = config.hostSpec.email; + fullName = hostSpec.userFullName; + email = hostSpec.email; in { programs.git = { @@ -48,7 +48,7 @@ in ]; }; - url = lib.optionalAttrs (!config.hostSpec.isMinimal) { + url = lib.optionalAttrs (!hostSpec.isMinimal) { # Only force ssh if it's not minimal "ssh://git@github.com" = { pushInsteadOf = "https://github.com"; diff --git a/home/toph/common/optional/gaming/switch.nix b/home/toph/common/optional/gaming/switch.nix index 11f00c3..0f74e13 100644 --- a/home/toph/common/optional/gaming/switch.nix +++ b/home/toph/common/optional/gaming/switch.nix @@ -3,6 +3,7 @@ pkgs, config, lib, + hostSpec, ... }: @@ -14,7 +15,7 @@ let # inherit pkgs; # }; - homeDir = config.hostSpec.home; + homeDir = hostSpec.home; borg-wrapper = pkgs.writeScript "borg-wrapper" '' #!${lib.getExe pkgs.fish} diff --git a/hosts/global/common/system/pool.nix b/hosts/global/common/system/pool.nix index f5a38da..f5fd14f 100644 --- a/hosts/global/common/system/pool.nix 
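Review bot: Dropping `inherit hostSpec;` stops populating the home-manager `hostSpec` option from the NixOS value, so any module under `home/toph` that still reads `config.hostSpec.*` will now see that option's default, or fail to evaluate if it has none; this patch converts only fastfetch, git and switch to the `hostSpec` special arg. A `grep -rn 'config.hostSpec' home/` before merging would confirm nothing else depends on it, otherwise keep `inherit hostSpec;` until every consumer is moved over. The module's argument list sits above the first hunk, so I cannot confirm `hostSpec` is actually declared as a function argument there.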
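Review bot: `lib.optionalAttrs (!hostSpec.isMinimal)` reads `isMinimal` unguarded, while the new `hosts/global/core/user.nix` treats it as optional (`hostSpec.isMinimal or false`); if the attribute can really be absent, an absent value makes user.nix import this home config and this line then fails with "attribute 'isMinimal' missing". Either write `(!(hostSpec.isMinimal or false))` here or, better, give `isMinimal` a default in the hostSpec option declaration and drop the `or false` in user.nix so both sides agree on the contract.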
+++ b/hosts/global/common/system/pool.nix @@ -19,10 +19,10 @@ in requires = [ "pool.mount" ]; wantedBy = [ "multi-user.target" ]; script = '' + umount /pool/git mkdir -p /pool/git chown ${username}:ryot /pool/git chmod 2775 /pool/git - rm -rf ${homeDir}/git ln -sf /pool/git ${homeDir}/git chown -h ${username}:ryot ${homeDir}/git ''; diff --git a/hosts/global/core/default.nix b/hosts/global/core/default.nix index 08355eb..dfb4087 100644 --- a/hosts/global/core/default.nix +++ b/hosts/global/core/default.nix @@ -17,7 +17,6 @@ in (map lib.custom.relativeToRoot [ "modules/global" - "hosts/users" ]) ]; @@ -73,17 +72,6 @@ in hardware.enableAllFirmware = true; security.sudo = { - extraRules = [ - { - users = [ config.hostSpec.username ]; - commands = [ - { - command = "ALL"; - options = [ "NOPASSWD" ]; - } - ]; - } - ]; extraConfig = '' Defaults lecture = never # rollback results in sudo lectures after each reboot, it's somewhat useless anyway Defaults pwfeedback # password input feedback - makes typed password visible as asterisks diff --git a/hosts/global/core/user.nix b/hosts/global/core/user.nix new file mode 100644 index 0000000..608cba2 --- /dev/null +++ b/hosts/global/core/user.nix 
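Review bot: The unconditional `umount /pool/git` added at the top of the script will abort the unit whenever nothing is mounted there, because NixOS wraps `script` in `bash -e` and `umount` exits non-zero on "not mounted"; the unit only requires `pool.mount` (which is `/pool`, not `/pool/git`), so that is the normal case on a fresh boot. Guard it, e.g. `if mountpoint -q /pool/git; then umount /pool/git; fi`, and check that util-linux is on the unit's `path`, which is declared above the hunk. With `rm -rf ${homeDir}/git` gone, `ln -sf /pool/git ${homeDir}/git` will silently create `${homeDir}/git/git` when the home path is already a real directory; `ln -sfn /pool/git ${homeDir}/git` makes it replace the link instead. I am inferring the reason for the umount from the diff alone, so a short comment explaining what gets mounted on `/pool/git` would help the next reader.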
@@ -0,0 +1,104 @@
+# User config applicable only to nixos
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ hostSpec = config.hostSpec;
+ username = hostSpec.username;
+ # Get user-specific secrets if they exist
+ user = config.secretsSpec.users.${username} or { };
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ isMinimal = hostSpec.isMinimal or false;
+in
+{
+ users.groups = {
+ ryot = lib.mkIf (!isMinimal) {
+ gid = 1004;
+ members = [ username ];
+ };
+ };
+
+ users.mutableUsers = false;
+ users.users.${username} = {
+ home = hostSpec.home;
+ isNormalUser = true;
+ createHome = true;
+ description = "Admin";
+ homeMode = "750";
+ hashedPassword = user.hashedPassword or hostSpec.hashedPassword;
+ uid = 1000;
+ group = if !isMinimal then "ryot" else "users";
+ shell = hostSpec.shell or pkgs.fish;
+ extraGroups = lib.flatten [
+ "wheel"
+ (ifTheyExist [
+ "adbusers"
+ "audio"
+ "docker"
+ "gamemode"
+ "git"
+ "libvirtd"
+ "networkmanager"
+ "video"
+ ])
+ ];
+ openssh.authorizedKeys.keys = builtins.attrValues config.secretsSpec.ssh.publicKeys or [ ];
+ };
+
+ # Special sudo config for user
+ security.sudo.extraRules = [
+ {
+ users = [ username ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ # No matter what environment we are in we want these tools for root, and the user(s)
+ programs.git.enable = true;
+
+ # root's ssh key are mainly used for remote deployment, borg, and some other specific ops
+ users.users.root = {
+ shell = pkgs.bash;
+ hashedPassword = lib.mkForce hostSpec.hashedPassword;
+ openssh.authorizedKeys.keys = builtins.attrValues config.secretsSpec.ssh.publicKeys or [ ];
+ };
+}
+// lib.optionalAttrs (inputs ? "home-manager") {
+ # Setup root home?
+ home-manager.users.root = lib.optionalAttrs (!isMinimal) { + home.stateVersion = "24.05"; # Avoid error + }; + + # Set up home-manager for the configured user + home-manager = { + extraSpecialArgs = { + inherit pkgs inputs; + inherit (config) secretsSpec hostSpec; + }; + users.${username} = lib.optionalAttrs (!isMinimal) { + imports = [ + ( + { config, ... }: + import (lib.custom.relativeToRoot "home/${username}/${hostSpec.hostName}") { + inherit + config + hostSpec + inputs + lib + pkgs + ; + } + ) + ]; + }; + }; +} diff --git a/hosts/nixos/cloud/default.nix b/hosts/nixos/cloud/default.nix index f7d7407..fdbebd2 100644 --- a/hosts/nixos/cloud/default.nix +++ b/hosts/nixos/cloud/default.nix @@ -32,9 +32,6 @@ in ## Optional Configs ## "hosts/global/common/acme" "hosts/global/common/docker.nix" - - ## Host user ## - "hosts/users/${username}" # Not the best solution but I always have one user so ¯\_(ツ)_/¯ ]) ]; diff --git a/hosts/nixos/komodo/default.nix b/hosts/nixos/komodo/default.nix index 342cbfb..163ec6e 100644 --- a/hosts/nixos/komodo/default.nix +++ b/hosts/nixos/komodo/default.nix @@ -31,9 +31,6 @@ in ## Optional Configs ## "hosts/global/common/acme" "hosts/global/common/docker.nix" - - ## Host User ## - "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯ ]) ]; diff --git a/hosts/nixos/lxc/default.nix b/hosts/nixos/lxc/default.nix index c09c16d..eb78e10 100644 --- a/hosts/nixos/lxc/default.nix +++ b/hosts/nixos/lxc/default.nix @@ -26,9 +26,6 @@ in (map lib.custom.relativeToRoot [ ## Required Configs ## "hosts/global/core" - - ## Proxy Specific ## - "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯ ]) ]; diff --git a/hosts/nixos/nix/default.nix b/hosts/nixos/nix/default.nix index 5422c33..ec57ebb 100644 --- a/hosts/nixos/nix/default.nix +++ b/hosts/nixos/nix/default.nix 
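Review bot: `shell = hostSpec.shell or pkgs.fish;` defaults the account to fish, but the `programs.fish.enable = true;` that the deleted `hosts/users/toph/default.nix` carried has no counterpart in this module, so unless it is enabled elsewhere NixOS will warn that the user's shell is not enabled and fish will miss the Nix profile PATH setup; `programs.fish.enable = lib.mkDefault true;` next to `programs.git.enable` restores it. The tmpfiles rule that pre-created `${homeDir}/.ssh` 0750 on hosts without home-manager was dropped too, so carry it over if minimal hosts rely on it. Separately, the module gives root the same `openssh.authorizedKeys.keys` as the admin user and grants that user `NOPASSWD` sudo on every host that imports it; that is inherited from the deleted files rather than new, but now that it lives in one global module a hostSpec toggle (or at least `lib.mkIf (!isMinimal)` on the root keys) would be worth considering. I also cannot see where `user.nix` is imported: `hosts/global/core/default.nix` drops `hosts/users` without adding the new file, so please confirm the directory is scanned or the file is listed explicitly.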
@@ -28,9 +28,6 @@ in "hosts/global/core" ## Optional Configs ## - - ## Nix Specific ## - "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯ ]) ]; diff --git a/hosts/nixos/proxy/default.nix b/hosts/nixos/proxy/default.nix index 1ede06b..55ef30f 100644 --- a/hosts/nixos/proxy/default.nix +++ b/hosts/nixos/proxy/default.nix @@ -32,9 +32,6 @@ in ## Optional Configs ## "hosts/global/common/acme" "hosts/global/common/docker.nix" - - ## Proxy User ## - "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯ ]) ]; diff --git a/hosts/nixos/rune/config/default.nix b/hosts/nixos/rune/config/default.nix new file mode 100644 index 0000000..b23287b --- /dev/null +++ b/hosts/nixos/rune/config/default.nix @@ -0,0 +1,4 @@ +{ lib, ... }: +{ + imports = lib.custom.scanPaths ./.; +} diff --git a/hosts/nixos/rune/default.nix b/hosts/nixos/rune/default.nix index fffcfa4..f46e174 100644 --- a/hosts/nixos/rune/default.nix +++ b/hosts/nixos/rune/default.nix @@ -18,6 +18,8 @@ let in { imports = lib.flatten [ + ## Rune Only ## + # ./config ## Hardware ## ./hardware.nix @@ -41,12 +43,6 @@ in "hosts/global/common/nvtop.nix" # GPU monitor (not available in home-manager) "hosts/global/common/plymouth.nix" # fancy boot screen "hosts/global/common/vial.nix" # KB setup - # "hosts/global/common/ventura.nix" # macos vm - - ## Misc Inputs ## - - ## Rune Specific ## - "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯ ]) ]; diff --git a/hosts/nixos/vm/default.nix b/hosts/nixos/vm/default.nix index 22f522e..b6e7c9e 100644 --- a/hosts/nixos/vm/default.nix +++ b/hosts/nixos/vm/default.nix @@ -35,9 +35,6 @@ in # "hosts/global/common/plymouth.nix" # fancy boot screen ## Misc Inputs ## - - ## VM Specific ## - "hosts/users/${username}" # Not the best solution but I always have just one user so ¯\_(ツ)_/¯ ]) ]; diff --git a/hosts/readme.md b/hosts/readme.md index 8f90b13..a114f86 100644 
--- a/hosts/readme.md +++ b/hosts/readme.md @@ -1,8 +1,5 @@ # TODO: -- I dont like the current system for hosts importing their main user - - I could rework hostSpecs so its imported since flake and manage it like that? - - or just rework the users/default and the hosts/core to just work different... - Fix up how DEs are configured, its not modular at all rn, i need to be able to select the DE from hostSpec and it should be able to change config per user - decouple /pool from places its not needed, or should be optional - some users should not have access to pool or just cant access it cuz not local diff --git a/hosts/users/cesar/default.nix b/hosts/users/cesar/default.nix deleted file mode 100644 index ee6b010..0000000 --- a/hosts/users/cesar/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, ... }: -let - hostSpec = config.hostSpec; -in -{ - - users.groups = { - ryot = { - gid = 1004; - members = [ "${hostSpec.username}" ]; - }; - }; - - # Set a temp password for use by minimal builds like installer and iso - users.users.${hostSpec.username} = { - isNormalUser = true; - hashedPassword = hostSpec.hashedPassword; - group = "ryot"; - extraGroups = [ - "wheel" - ]; - }; -} diff --git a/hosts/users/default.nix b/hosts/users/default.nix deleted file mode 100644 index 4b7cd8f..0000000 --- a/hosts/users/default.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -# User config applicable only to nixos -{ - inputs, - config, - lib, - pkgs, - ... -}: -let - hostSpec = config.hostSpec; - ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; -in -{ - users.groups = { - ryot = { - gid = 1004; - members = [ "${hostSpec.username}" ]; - }; - }; - - users.mutableUsers = false; # Only allow declarative credentials; Required for password to be set via sops during system activation! - users.users.${hostSpec.username} = { - home = "${hostSpec.home}"; - isNormalUser = true; - createHome = true; - description = "Admin"; - homeMode = "750"; - hashedPassword = hostSpec.hashedPassword; - uid = 1000; - group = "ryot"; - extraGroups = lib.flatten [ - "wheel" - # Some of these groups are defined elsewhere in the system - # But honestly not sure what runs first so just add them here i guess - (ifTheyExist [ - "adbusers" - "audio" - "docker" - "gamemode" - "git" - "libvirtd" - "networkmanager" - "video" - ]) - ]; - }; - - # No matter what environment we are in we want these tools for root, and the user(s) - programs.git.enable = true; - - # root's ssh key are mainly used for remote deployment, borg, and some other specific ops - users.users.root = { - shell = pkgs.bash; - hashedPassword = lib.mkForce hostSpec.hashedPassword; - openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment. - }; -} -// lib.optionalAttrs (inputs ? "home-manager") { - - # Setup root home? - home-manager.users.root = lib.optionalAttrs (!hostSpec.isMinimal) { - home.stateVersion = "24.05"; # Avoid error - }; -} diff --git a/hosts/users/gio/default.nix b/hosts/users/gio/default.nix deleted file mode 100644 index ee6b010..0000000 --- a/hosts/users/gio/default.nix +++ /dev/null 
@@ -1,23 +0,0 @@
-{ config, ... }:
-let
- hostSpec = config.hostSpec;
-in
-{
-
- users.groups = {
- ryot = {
- gid = 1004;
- members = [ "${hostSpec.username}" ];
- };
- };
-
- # Set a temp password for use by minimal builds like installer and iso
- users.users.${hostSpec.username} = {
- isNormalUser = true;
- hashedPassword = hostSpec.hashedPassword;
- group = "ryot";
- extraGroups = [
- "wheel"
- ];
- };
-}
diff --git a/hosts/users/gio/minimal/default.nix b/hosts/users/gio/minimal/default.nix
deleted file mode 100644
index ee6b010..0000000
--- a/hosts/users/gio/minimal/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, ... }:
-let
- hostSpec = config.hostSpec;
-in
-{
-
- users.groups = {
- ryot = {
- gid = 1004;
- members = [ "${hostSpec.username}" ];
- };
- };
-
- # Set a temp password for use by minimal builds like installer and iso
- users.users.${hostSpec.username} = {
- isNormalUser = true;
- hashedPassword = hostSpec.hashedPassword;
- group = "ryot";
- extraGroups = [
- "wheel"
- ];
- };
-}
diff --git a/hosts/users/minimal/default.nix b/hosts/users/minimal/default.nix
deleted file mode 100644
index ee6b010..0000000
--- a/hosts/users/minimal/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config, ... }:
-let
- hostSpec = config.hostSpec;
-in
-{
-
- users.groups = {
- ryot = {
- gid = 1004;
- members = [ "${hostSpec.username}" ];
- };
- };
-
- # Set a temp password for use by minimal builds like installer and iso
- users.users.${hostSpec.username} = {
- isNormalUser = true;
- hashedPassword = hostSpec.hashedPassword;
- group = "ryot";
- extraGroups = [
- "wheel"
- ];
- };
-}
diff --git a/hosts/users/toph/default.nix b/hosts/users/toph/default.nix
deleted file mode 100644
index 938f861..0000000
--- a/hosts/users/toph/default.nix
+++ /dev/null
@@ -1,59 +0,0 @@ -{ - inputs, - pkgs, - config, - lib, - ... -}: -let - hostSpec = config.hostSpec; - username = hostSpec.username; - homeDir = hostSpec.home; - _shell = hostSpec.shell; - pubKeys = builtins.attrValues config.secretsSpec.ssh.publicKeys; -in -{ - users.users.${username} = { - name = hostSpec.username; - shell = _shell; - # These get placed into /etc/ssh/authorized_keys.d/ on nixos - openssh.authorizedKeys.keys = pubKeys; - }; - - # Create ssh directory when homemanager is not loaded - systemd.tmpfiles.rules = - let - user = config.users.users.${username}.name; - group = config.users.users.${username}.group; - in - [ - "d ${homeDir}/.ssh 0750 ${user} ${group} -" - ]; - - programs.fish.enable = true; -} -# Import the user's personal/home configurations, unless the environment is minimal -// lib.optionalAttrs (inputs ? "home-manager") { - home-manager = { - extraSpecialArgs = { - inherit pkgs inputs; - inherit (config) secretsSpec hostSpec; - }; - users.${username}.imports = lib.flatten ( - lib.optional (!hostSpec.isMinimal) [ - ( - { config, ... }: - import (lib.custom.relativeToRoot "home/${username}/${hostSpec.hostName}") { - inherit - pkgs - inputs - config - lib - hostSpec - ; - } - ) - ] - ); - }; -}