Refactors user declaration for /hosts and fixes related configs

home/toph/common/core/default.nix

@@ -8,9 +8,9 @@
   ...
 }:
 let
-  username = config.hostSpec.username;
+  username = hostSpec.username;
-  homeDir = config.hostSpec.home;
+  homeDir = hostSpec.home;
-  shell = config.hostSpec.shell;
+  shell = hostSpec.shell;
 in
 {
   imports = lib.flatten [
@@ -31,8 +31,6 @@ in
     ./zoxide.nix
   ];
 
-  inherit hostSpec;
-
   services.ssh-agent.enable = true;
 
   home = {

home/toph/common/core/fastfetch/default.nix

@@ -2,13 +2,14 @@
   lib,
   pkgs,
   config,
+  hostSpec,
   ...
 }:
 {
   #TODO: Scripts might need a rework
   programs.fastfetch =
     let
-      hostname = config.hostSpec.hostName;
+      hostname = hostSpec.hostName;
       logoFile = ./. + "/host/${hostname}.txt";
       weather = import ./scripts/weather.nix { inherit pkgs; };
       title = import ./scripts/title.nix { inherit pkgs; };

home/toph/common/core/git.nix

@@ -4,12 +4,12 @@
   lib,
   config,
   inputs,
+  hostSpec,
   ...
 }:
 let
-  # handle = config.hostSpec.handle;
+  fullName = hostSpec.userFullName;
-  fullName = config.hostSpec.userFullName;
+  email = hostSpec.email;
-  email = config.hostSpec.email;
 in
 {
   programs.git = {
@@ -48,7 +48,7 @@ in
         ];
       };
 
-      url = lib.optionalAttrs (!config.hostSpec.isMinimal) {
+      url = lib.optionalAttrs (!hostSpec.isMinimal) {
         # Only force ssh if it's not minimal
         "ssh://git@github.com" = {
           pushInsteadOf = "https://github.com";

home/toph/common/optional/gaming/switch.nix

@@ -3,6 +3,7 @@
   pkgs,
   config,
   lib,
+  hostSpec,
   ...
 }:
 
@@ -14,7 +15,7 @@ let
   #   inherit pkgs;
   # };
 
-  homeDir = config.hostSpec.home;
+  homeDir = hostSpec.home;
 
   borg-wrapper = pkgs.writeScript "borg-wrapper" ''
     #!${lib.getExe pkgs.fish}

hosts/global/common/system/pool.nix

@@ -19,10 +19,10 @@ in
       requires = [ "pool.mount" ];
       wantedBy = [ "multi-user.target" ];
       script = ''
+        umount /pool/git
         mkdir -p /pool/git
         chown ${username}:ryot /pool/git
         chmod 2775 /pool/git
-        rm -rf ${homeDir}/git
         ln -sf /pool/git ${homeDir}/git
         chown -h ${username}:ryot ${homeDir}/git
       '';

hosts/global/core/default.nix

@@ -17,7 +17,6 @@ in
 
     (map lib.custom.relativeToRoot [
       "modules/global"
-      "hosts/users"
     ])
   ];
 
@@ -73,17 +72,6 @@ in
   hardware.enableAllFirmware = true;
 
   security.sudo = {
-    extraRules = [
-      {
-        users = [ config.hostSpec.username ];
-        commands = [
-          {
-            command = "ALL";
-            options = [ "NOPASSWD" ];
-          }
-        ];
-      }
-    ];
     extraConfig = ''
       Defaults lecture = never # rollback results in sudo lectures after each reboot, it's somewhat useless anyway
       Defaults pwfeedback # password input feedback - makes typed password visible as asterisks

hosts/global/core/user.nix

@@ -0,0 +1,104 @@
+# User config applicable only to nixos
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  hostSpec = config.hostSpec;
+  username = hostSpec.username;
+  # Get user-specific secrets if they exist
+  user = config.secretsSpec.users.${username} or { };
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+  isMinimal = hostSpec.isMinimal or false;
+in
+{
+  users.groups = {
+    ryot = lib.mkIf (!isMinimal) {
+      gid = 1004;
+      members = [ username ];
+    };
+  };
+
+  users.mutableUsers = false;
+  users.users.${username} = {
+    home = hostSpec.home;
+    isNormalUser = true;
+    createHome = true;
+    description = "Admin";
+    homeMode = "750";
+    hashedPassword = user.hashedPassword or hostSpec.hashedPassword;
+    uid = 1000;
+    group = if !isMinimal then "ryot" else "users";
+    shell = hostSpec.shell or pkgs.fish;
+    extraGroups = lib.flatten [
+      "wheel"
+      (ifTheyExist [
+        "adbusers"
+        "audio"
+        "docker"
+        "gamemode"
+        "git"
+        "libvirtd"
+        "networkmanager"
+        "video"
+      ])
+    ];
+    openssh.authorizedKeys.keys = builtins.attrValues config.secretsSpec.ssh.publicKeys or [ ];
+  };
+
+  # Special sudo config for user
+  security.sudo.extraRules = [
+    {
+      users = [ username ];
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+
+  # No matter what environment we are in we want these tools for root, and the user(s)
+  programs.git.enable = true;
+
+  # root's ssh key are mainly used for remote deployment, borg, and some other specific ops
+  users.users.root = {
+    shell = pkgs.bash;
+    hashedPassword = lib.mkForce hostSpec.hashedPassword;
+    openssh.authorizedKeys.keys = builtins.attrValues config.secretsSpec.ssh.publicKeys or [ ];
+  };
+}
+// lib.optionalAttrs (inputs ? "home-manager") {
+  # Setup root home?
+  home-manager.users.root = lib.optionalAttrs (!isMinimal) {
+    home.stateVersion = "24.05"; # Avoid error
+  };
+
+  # Set up home-manager for the configured user
+  home-manager = {
+    extraSpecialArgs = {
+      inherit pkgs inputs;
+      inherit (config) secretsSpec hostSpec;
+    };
+    users.${username} = lib.optionalAttrs (!isMinimal) {
+      imports = [
+        (
+          { config, ... }:
+          import (lib.custom.relativeToRoot "home/${username}/${hostSpec.hostName}") {
+            inherit
+              config
+              hostSpec
+              inputs
+              lib
+              pkgs
+              ;
+          }
+        )
+      ];
+    };
+  };
+}

hosts/nixos/cloud/default.nix

@@ -32,9 +32,6 @@ in
       ## Optional Configs ##
       "hosts/global/common/acme"
       "hosts/global/common/docker.nix"
-
-      ## Host user ##
-      "hosts/users/${username}" # Not the best solution but I always have one user so ¯\_(ツ)_/¯
     ])
   ];
 

hosts/nixos/komodo/default.nix

@@ -31,9 +31,6 @@ in
       ## Optional Configs ##
       "hosts/global/common/acme"
       "hosts/global/common/docker.nix"
-
-      ## Host User ##
-      "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
     ])
   ];
 

hosts/nixos/lxc/default.nix

@@ -26,9 +26,6 @@ in
     (map lib.custom.relativeToRoot [
       ## Required Configs ##
       "hosts/global/core"
-
-      ## Proxy Specific ##
-      "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
     ])
   ];
 

hosts/nixos/nix/default.nix

@@ -28,9 +28,6 @@ in
       "hosts/global/core"
 
       ## Optional Configs ##
-
-      ## Nix Specific ##
-      "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
     ])
   ];
 

hosts/nixos/proxy/default.nix

@@ -32,9 +32,6 @@ in
       ## Optional Configs ##
       "hosts/global/common/acme"
       "hosts/global/common/docker.nix"
-
-      ## Proxy User ##
-      "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
     ])
   ];
 

hosts/nixos/rune/config/default.nix

@@ -0,0 +1,4 @@
+{ lib, ... }:
+{
+  imports = lib.custom.scanPaths ./.;
+}

hosts/nixos/rune/default.nix

@@ -18,6 +18,8 @@ let
 in
 {
   imports = lib.flatten [
+    ## Rune Only ##
+    # ./config
 
     ## Hardware ##
     ./hardware.nix
@@ -41,12 +43,6 @@ in
       "hosts/global/common/nvtop.nix" # GPU monitor (not available in home-manager)
       "hosts/global/common/plymouth.nix" # fancy boot screen
       "hosts/global/common/vial.nix" # KB setup
-      # "hosts/global/common/ventura.nix" # macos vm
-
-      ## Misc Inputs ##
-
-      ## Rune Specific ##
-      "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
     ])
   ];
 

hosts/nixos/vm/default.nix

@@ -35,9 +35,6 @@ in
       # "hosts/global/common/plymouth.nix" # fancy boot screen
 
       ## Misc Inputs ##
-
-      ## VM Specific ##
-      "hosts/users/${username}" # Not the best solution but I always have just one user so ¯\_(ツ)_/¯
     ])
 
   ];

hosts/readme.md

@@ -1,8 +1,5 @@
 # TODO:
 
-- I dont like the current system for hosts importing their main user
-  -  I could rework hostSpecs so its imported since flake and manage it like that?
-  - or just rework the users/default and the hosts/core to just work different...
 - Fix up how DEs are configured, its not modular at all rn, i need to be able to select the DE from hostSpec and it should be able to change config per user
 - decouple /pool from places its not needed, or should be optional
   - some users should not have access to pool or just cant access it cuz not local 

hosts/users/cesar/default.nix

@@ -1,23 +0,0 @@
-{ config, ... }:
-let
-  hostSpec = config.hostSpec;
-in
-{
-
-  users.groups = {
-    ryot = {
-      gid = 1004;
-      members = [ "${hostSpec.username}" ];
-    };
-  };
-
-  # Set a temp password for use by minimal builds like installer and iso
-  users.users.${hostSpec.username} = {
-    isNormalUser = true;
-    hashedPassword = hostSpec.hashedPassword;
-    group = "ryot";
-    extraGroups = [
-      "wheel"
-    ];
-  };
-}

hosts/users/default.nix

@@ -1,64 +0,0 @@
-# User config applicable only to nixos
-{
-  inputs,
-  config,
-  lib,
-  pkgs,
-  ...
-}:
-let
-  hostSpec = config.hostSpec;
-  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in
-{
-  users.groups = {
-    ryot = {
-      gid = 1004;
-      members = [ "${hostSpec.username}" ];
-    };
-  };
-
-  users.mutableUsers = false; # Only allow declarative credentials; Required for password to be set via sops during system activation!
-  users.users.${hostSpec.username} = {
-    home = "${hostSpec.home}";
-    isNormalUser = true;
-    createHome = true;
-    description = "Admin";
-    homeMode = "750";
-    hashedPassword = hostSpec.hashedPassword;
-    uid = 1000;
-    group = "ryot";
-    extraGroups = lib.flatten [
-      "wheel"
-      # Some of these groups are defined elsewhere in the system
-      # But honestly not sure what runs first so just add them here i guess
-      (ifTheyExist [
-        "adbusers"
-        "audio"
-        "docker"
-        "gamemode"
-        "git"
-        "libvirtd"
-        "networkmanager"
-        "video"
-      ])
-    ];
-  };
-
-  # No matter what environment we are in we want these tools for root, and the user(s)
-  programs.git.enable = true;
-
-  # root's ssh key are mainly used for remote deployment, borg, and some other specific ops
-  users.users.root = {
-    shell = pkgs.bash;
-    hashedPassword = lib.mkForce hostSpec.hashedPassword;
-    openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment.
-  };
-}
-// lib.optionalAttrs (inputs ? "home-manager") {
-
-  # Setup root home?
-  home-manager.users.root = lib.optionalAttrs (!hostSpec.isMinimal) {
-    home.stateVersion = "24.05"; # Avoid error
-  };
-}

hosts/users/gio/default.nix

@@ -1,23 +0,0 @@
-{ config, ... }:
-let
-  hostSpec = config.hostSpec;
-in
-{
-
-  users.groups = {
-    ryot = {
-      gid = 1004;
-      members = [ "${hostSpec.username}" ];
-    };
-  };
-
-  # Set a temp password for use by minimal builds like installer and iso
-  users.users.${hostSpec.username} = {
-    isNormalUser = true;
-    hashedPassword = hostSpec.hashedPassword;
-    group = "ryot";
-    extraGroups = [
-      "wheel"
-    ];
-  };
-}

hosts/users/gio/minimal/default.nix

@@ -1,23 +0,0 @@
-{ config, ... }:
-let
-  hostSpec = config.hostSpec;
-in
-{
-
-  users.groups = {
-    ryot = {
-      gid = 1004;
-      members = [ "${hostSpec.username}" ];
-    };
-  };
-
-  # Set a temp password for use by minimal builds like installer and iso
-  users.users.${hostSpec.username} = {
-    isNormalUser = true;
-    hashedPassword = hostSpec.hashedPassword;
-    group = "ryot";
-    extraGroups = [
-      "wheel"
-    ];
-  };
-}

hosts/users/minimal/default.nix

@@ -1,23 +0,0 @@
-{ config, ... }:
-let
-  hostSpec = config.hostSpec;
-in
-{
-
-  users.groups = {
-    ryot = {
-      gid = 1004;
-      members = [ "${hostSpec.username}" ];
-    };
-  };
-
-  # Set a temp password for use by minimal builds like installer and iso
-  users.users.${hostSpec.username} = {
-    isNormalUser = true;
-    hashedPassword = hostSpec.hashedPassword;
-    group = "ryot";
-    extraGroups = [
-      "wheel"
-    ];
-  };
-}

hosts/users/toph/default.nix

@@ -1,59 +0,0 @@
-{
-  inputs,
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-let
-  hostSpec = config.hostSpec;
-  username = hostSpec.username;
-  homeDir = hostSpec.home;
-  _shell = hostSpec.shell;
-  pubKeys = builtins.attrValues config.secretsSpec.ssh.publicKeys;
-in
-{
-  users.users.${username} = {
-    name = hostSpec.username;
-    shell = _shell;
-    # These get placed into /etc/ssh/authorized_keys.d/<name> on nixos
-    openssh.authorizedKeys.keys = pubKeys;
-  };
-
-  # Create ssh directory when homemanager is not loaded
-  systemd.tmpfiles.rules =
-    let
-      user = config.users.users.${username}.name;
-      group = config.users.users.${username}.group;
-    in
-    [
-      "d ${homeDir}/.ssh 0750 ${user} ${group} -"
-    ];
-
-  programs.fish.enable = true;
-}
-# Import the user's personal/home configurations, unless the environment is minimal
-// lib.optionalAttrs (inputs ? "home-manager") {
-  home-manager = {
-    extraSpecialArgs = {
-      inherit pkgs inputs;
-      inherit (config) secretsSpec hostSpec;
-    };
-    users.${username}.imports = lib.flatten (
-      lib.optional (!hostSpec.isMinimal) [
-        (
-          { config, ... }:
-          import (lib.custom.relativeToRoot "home/${username}/${hostSpec.hostName}") {
-            inherit
-              pkgs
-              inputs
-              config
-              lib
-              hostSpec
-              ;
-          }
-        )
-      ]
-    );
-  };
-}