
commit 2eb3a59997a5159c9686425ef2cfb5f38b54310a
parent 1207660854d3fe6091df2ad37688ae9a69052a52
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Mon, 21 Dec 2020 17:31:38 +0100

flake: trying ways to modularize users

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mflake.nix | 10++++++----
Msystems/hosts/foo.flake.nix | 2+-
Msystems/profiles/desktop.nix | 8+++++++-
Musers/houbeb/default.flake.nix | 9+++------
Ausers/houbeb/home.nix | 5+++++
Musers/root/default.flake.nix | 15+++++++--------
Ausers/root/home.nix | 5+++++
Musers/vincent/default.flake.nix | 26+++++++++++---------------
Musers/vincent/default.nix | 30++++++++++++++++++++++--------
Dusers/vincent/desktop.flake.nix | 5-----
Musers/vincent/desktop/default.nix | 4++--
Musers/vincent/desktop/i3.nix | 2+-
Ausers/vincent/home.nix | 5+++++
Dusers/vincent/laptop.flake.nix | 7-------
14 files changed, 75 insertions(+), 58 deletions(-)

diff --git a/flake.nix b/flake.nix
@@ -151,11 +151,11 @@ }); # home-manager configurations - mkHomeManagerConfiguration = name: { system, config }: + mkHomeManagerConfiguration = name: { config ? ./users + "/${name}/home.nix" }: nameValuePair name ({ ... }: { imports = [ - (import ./home/modules) - (import ./home/profiles) + (import ./users/modules) + # (import ./home/profiles) (import config) ]; # For compatibility with nix-shell, nix-build, etc.
@@ -217,7 +217,9 @@ # that host - consumed by the home-manager NixOS module for that host (if it exists) # or by `mkHomeManagerHostConfiguration` for home-manager-only hosts. homeManagerConfigurations = mapAttrs' mkHomeManagerConfiguration { - naruhodo = { system = "x86_64-linux"; config = ./home/naruhodo.nix; }; + vincent = { }; + root = { }; + houbeb = { }; }; # Overlays consumed by the home-manager/NixOS configuration.
diff --git a/systems/hosts/foo.flake.nix b/systems/hosts/foo.flake.nix
@@ -12,7 +12,7 @@ let endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey; in { - profiles.desktop.enable = true; + profiles.laptop.enable = true; profiles.home.enable = true; environment.systemPackages = with pkgs; [ tkn ];
diff --git a/systems/profiles/desktop.nix b/systems/profiles/desktop.nix
@@ -17,7 +17,13 @@ in plymouth.enable = true; }; nix = { - sshServe = mkDefault true; + # Enable SSH-serving nix packages + sshServe.enable = mkDefault true; }; + + # Make `/run/user/X` larger. + services.logind.extraConfig = '' + RuntimeDirectorySize=20% + ''; }; }
diff --git a/users/houbeb/default.flake.nix b/users/houbeb/default.flake.nix
@@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ inputs, ... }: { users.users.houbeb = { createHome = true; description = "Houbeb Ben Othmene";
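Review bot: In systems/profiles/desktop.nix, `sshServe.enable = mkDefault true;` turns on serving the Nix store over SSH for every host that enables the desktop profile, and the added comment does not say who is allowed to connect. The keys are set elsewhere in this commit (`nix.sshServe.keys = authorizedKeys;` under users/vincent), so the comment could read `# Serve the Nix store over SSH to the keys in nix.sshServe.keys (set in users/vincent); holders can read any store path on this host.` Because store contents become readable to anyone holding one of those keys, it is worth confirming that nothing derived from `secrets/machines.nix` is written into the store on these hosts; that cannot be judged from this hunk. The enclosing `config` block starts outside the hunk.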
@@ -8,9 +8,6 @@ "…" ]; }; - /* - home-manager.users.houbeb = { - home.packages = with pkgs; [ hello ]; - }; - */ + # Home-manager "magic" + home-manager.users.houbeb = inputs.self.internal.homeManagerConfigurations."houbeb"; }
diff --git a/users/houbeb/home.nix b/users/houbeb/home.nix
@@ -0,0 +1,5 @@ +{ pkgs, ... }: + +{ + home.packages = with pkgs; [ htop ]; +}
diff --git a/users/root/default.flake.nix b/users/root/default.flake.nix
@@ -1,12 +1,11 @@ -{ config, lib, pkgs, ... }: - -with lib; { +{ config, inputs, lib, pkgs, ... }: +let + inherit (lib) mkIf; +in +{ users.users.root = { shell = mkIf config.programs.zsh.enable pkgs.zsh; }; - /* - home-manager.users.root = lib.mkMerge ( - [ (import ../vincent/core) ] - ); - */ + # Home-manager "magic" + home-manager.users.root = inputs.self.internal.homeManagerConfigurations."root"; }
diff --git a/users/root/home.nix b/users/root/home.nix
@@ -0,0 +1,5 @@ +{ pkgs, ... }: + +{ + home.packages = with pkgs; [ htop ]; +}
diff --git a/users/vincent/default.flake.nix b/users/vincent/default.flake.nix
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, inputs, lib, pkgs, ... }: with lib; let secretPath = ../../secrets/machines.nix;
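Review bot: In users/root/default.flake.nix, `home-manager.users.root` now receives a configuration generated the same way as for the unprivileged users, and the comment `# Home-manager "magic"` says neither where it comes from nor what it pulls in. Per the flake.nix hunk, every entry built by `mkHomeManagerConfiguration` imports `./users/modules` plus the per-user `home.nix`, so that shared module tree is now also evaluated for root's account. A more useful comment would be `# Built by mkHomeManagerConfiguration in flake.nix (users/modules + ./home.nix); keep root's set minimal.` The same vague comment is added in the houbeb and vincent files. The lookup also depends on `inputs` being passed to the NixOS modules, which is not visible in this diff.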
@@ -15,21 +15,19 @@ let isContainersEnabled = if hasConfigVirtualizationContainers then config.virtualisation.containers.enable else false; in { - imports = [ - ./desktop.flake.nix - ./laptop.flake.nix - ]; + # imports = [ ../home.nix ]; + users.users.vincent = { createHome = true; uid = 1000; description = "Vincent Demeester"; extraGroups = [ "wheel" "input" ] - ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]; - #++ optionals config.profiles.scanning.enable [ "lp" "scanner" ] - #++ optionals config.networking.networkmanager.enable [ "networkmanager" ] - #++ optionals config.profiles.docker.enable [ "docker" ] - #++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ] - #++ optionals config.profiles.virtualization.enable [ "libvirtd" ]; + ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ] + #++ optionals config.profiles.scanning.enable [ "lp" "scanner" ] + ++ optionals config.networking.networkmanager.enable [ "networkmanager" ] + ++ optionals config.virtualisation.docker.enable [ "docker" ] + ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ] + ++ optionals config.virtualisation.libvirtd.enable [ "libvirtd" ]; shell = mkIf config.programs.zsh.enable pkgs.zsh; isNormalUser = true; openssh.authorizedKeys.keys = authorizedKeys;
@@ -38,10 +36,6 @@ in subGidRanges = [{ startGid = 100000; count = 65536; }]; }; - home-manager.users.vincent = mkMerge ([ - (import ../modules) - ]); # ++ optionals config.profiles.desktop.enable [ ./desktop ]); - nix = { trustedUsers = [ "vincent" ]; sshServe.keys = authorizedKeys;
@@ -61,4 +55,6 @@ in ${pkgs.systemd}/bin/loginctl enable-linger ${config.users.users.vincent.name} ''; + # Home-manager "magic" + home-manager.users.vincent = inputs.self.internal.homeManagerConfigurations."vincent"; }
diff --git a/users/vincent/default.nix b/users/vincent/default.nix
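Review bot: In users/vincent/default.flake.nix, the re-enabled `++ optionals config.virtualisation.docker.enable [ "docker" ]` line puts vincent in the `docker` group, which is root-equivalent on the host through the daemon socket, and nothing in the list says so. vincent is already in `wheel` and in `nix.trustedUsers` (context of the next hunk), so this may well be intended, but a comment such as `# docker group is root-equivalent via the daemon socket` would make it explicit for anyone copying this block for another user. Separately, `"networkmanager"` can now be appended twice, once by the desktop profile line and once by the new `config.networking.networkmanager.enable` line; dropping it from the desktop list would avoid the duplicate. The `users.users.vincent` attribute set continues past the end of the hunk.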
@@ -23,29 +23,43 @@ in ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ] ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ] ++ optionals config.networking.networkmanager.enable [ "networkmanager" ] - ++ optionals config.profiles.docker.enable [ "docker" ] + ++ optionals config.virtualisation.docker.enable [ "docker" ] ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ] ++ optionals config.profiles.virtualization.enable [ "libvirtd" ]; shell = mkIf config.programs.zsh.enable pkgs.zsh; isNormalUser = true; openssh.authorizedKeys.keys = authorizedKeys; - # FIXME change this ? initialPassword = "changeMe"; - # FIXME This might be handled differently by programs.podman, … subUidRanges = [{ startUid = 100000; count = 65536; }]; subGidRanges = [{ startGid = 100000; count = 65536; }]; }; - /* - virtualisation = mkIf isContainersEnabled { - containers.users = [ "vincent" ]; + nix = { + trustedUsers = [ "vincent" ]; + sshServe.keys = authorizedKeys; }; - */ - security.pam.services.vincent.fprintAuth = config.services.fprintd.enable; + security = { + pam = { + # Nix will hit the stack limit when using `nixFlakes`. + loginLimits = [ + { domain = config.users.users.vincent.name; item = "stack"; type = "-"; value = "unlimited"; } + ]; + }; + }; + + # Enable user units to persist after sessions end. + system.activationScripts.loginctl-enable-linger-vincent = lib.stringAfter [ "users" ] '' + ${pkgs.systemd}/bin/loginctl enable-linger ${config.users.users.vincent.name} + ''; + + # To use nixos config in home-manager configuration, use the nixosConfig attr. + # This make it possible to import the whole configuration, and let each module + # load their own. home-manager.users.vincent = lib.mkMerge ( [ + (import ../home.nix) (import ./core) (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; }) ]
diff --git a/users/vincent/desktop.flake.nix b/users/vincent/desktop.flake.nix
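Review bot: In users/vincent/default.nix, the hunk deletes the `# FIXME change this ?` marker but keeps `initialPassword = "changeMe";`, so a password published in the repository stays on an account that this same hunk adds to `nix.trustedUsers`, now with no reminder attached. Either keep the marker, e.g. `# FIXME: well-known default password, replace with initialHashedPassword`, or move to a hashed value that is not committed in clear text. Separately, `(import ../home.nix)` resolves to `users/home.nix` from this file, while the commit adds `users/vincent/home.nix`; unless a `users/home.nix` exists outside this diff, the import should read `(import ./home.nix)`. The `users.users.vincent` set starts above the hunk, so its remaining attributes are not visible here.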
@@ -1,5 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home-manager.users.vincent = lib.mkIf config.profiles.desktop.enable (import ./desktop); -}
diff --git a/users/vincent/desktop/default.nix b/users/vincent/desktop/default.nix
@@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, nixosConfig, ... }: { imports = [
@@ -36,7 +36,7 @@ keybase # pass profile-sync-daemon - ]; + ] ++ lib.optionals nixosConfig.profiles.desktop.i3.enable [ pkgs.brave ]; xdg.configFile."obs-studio/plugins/obs-v4l2sink/bin/64bit/obs-v4l2sink.so".source = "${pkgs.obs-v4l2sink}/share/obs/obs-plugins/v4l2sink/bin/64bit/v4l2sink.so";
diff --git a/users/vincent/desktop/i3.nix b/users/vincent/desktop/i3.nix
@@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, nixosConfig, lib, pkgs, ... }: with lib; let
diff --git a/users/vincent/home.nix b/users/vincent/home.nix
@@ -0,0 +1,5 @@ +{ pkgs, ... }: + +{ + home.packages = with pkgs; [ htop ]; +}
diff --git a/users/vincent/laptop.flake.nix b/users/vincent/laptop.flake.nix
@@ -1,7 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home-manager.users.vincent = lib.mkIf config.profiles.laptop.enable { - programs.autorandr.enable = true; - }; -}
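Review bot: In users/vincent/desktop/default.nix, the new `] ++ lib.optionals nixosConfig.profiles.desktop.i3.enable [ pkgs.brave ];` uses `lib`, but the argument set changed in the file's first hunk is `{ pkgs, nixosConfig, ... }` and does not bind it. The bare package names in the context suggest the list sits under `with pkgs;` (its opening is outside the hunk), in which case `lib` silently resolves to `pkgs.lib`; if that scope is ever removed, evaluation fails with an undefined variable. Binding it explicitly avoids the hidden dependency: `{ lib, pkgs, nixosConfig, ... }:`.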