commit 2eb3a59997a5159c9686425ef2cfb5f38b54310a
parent 1207660854d3fe6091df2ad37688ae9a69052a52
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 21 Dec 2020 17:31:38 +0100
flake: trying ways to modularize users
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
14 files changed, 75 insertions(+), 58 deletions(-)
diff --git a/flake.nix b/flake.nix
@@ -151,11 +151,11 @@
});
# home-manager configurations
- mkHomeManagerConfiguration = name: { system, config }:
+ mkHomeManagerConfiguration = name: { config ? ./users + "/${name}/home.nix" }:
nameValuePair name ({ ... }: {
imports = [
- (import ./home/modules)
- (import ./home/profiles)
+ (import ./users/modules)
+ # (import ./home/profiles)
(import config)
];
# For compatibility with nix-shell, nix-build, etc.
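Review bot: The commented-out `# (import ./home/profiles)` in the imports list does not say whether the profiles were dropped on purpose or are still to be ported; delete the line or mark it, e.g. `# TODO: profiles not yet ported to ./users`. The new default `config ? ./users + "/${name}/home.nix"` would also benefit from a one-line comment such as `# config defaults to users/<name>/home.nix; every name in homeManagerConfigurations needs that file`, because a missing file only shows up as an evaluation error. The body of `mkHomeManagerConfiguration` continues past the end of this hunk.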
@@ -217,7 +217,9 @@
# that host - consumed by the home-manager NixOS module for that host (if it exists)
# or by `mkHomeManagerHostConfiguration` for home-manager-only hosts.
homeManagerConfigurations = mapAttrs' mkHomeManagerConfiguration {
- naruhodo = { system = "x86_64-linux"; config = ./home/naruhodo.nix; };
+ vincent = { };
+ root = { };
+ houbeb = { };
};
# Overlays consumed by the home-manager/NixOS configuration.
diff --git a/systems/hosts/foo.flake.nix b/systems/hosts/foo.flake.nix
@@ -12,7 +12,7 @@ let
endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
in
{
- profiles.desktop.enable = true;
+ profiles.laptop.enable = true;
profiles.home.enable = true;
environment.systemPackages = with pkgs; [ tkn ];
diff --git a/systems/profiles/desktop.nix b/systems/profiles/desktop.nix
@@ -17,7 +17,13 @@ in
plymouth.enable = true;
};
nix = {
- sshServe = mkDefault true;
+ # Enable SSH-serving nix packages
+ sshServe.enable = mkDefault true;
};
+
+ # Make `/run/user/X` larger.
+ services.logind.extraConfig = ''
+ RuntimeDirectorySize=20%
+ '';
};
}
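Review bot: `nix.sshServe.enable = mkDefault true;` now turns on store serving over SSH for every host that uses the desktop profile, while the keys allowed to use it are set elsewhere (`sshServe.keys = authorizedKeys` in users/vincent/default.flake.nix). A desktop host therefore either runs the service with no keys or grants store access to every interactive login key, depending on which user modules it imports. Consider leaving the default off in the profile and enabling it per host, or extend the comment to record the dependency, e.g. `# Serve the Nix store over SSH (nix-ssh user); allowed keys come from nix.sshServe.keys in the user module`.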
diff --git a/users/houbeb/default.flake.nix b/users/houbeb/default.flake.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ inputs, ... }: {
users.users.houbeb = {
createHome = true;
description = "Houbeb Ben Othmene";
@@ -8,9 +8,6 @@
"…"
];
};
- /*
- home-manager.users.houbeb = {
- home.packages = with pkgs; [ hello ];
- };
- */
+ # Home-manager "magic"
+ home-manager.users.houbeb = inputs.self.internal.homeManagerConfigurations."houbeb";
}
diff --git a/users/houbeb/home.nix b/users/houbeb/home.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+ home.packages = with pkgs; [ htop ];
+}
diff --git a/users/root/default.flake.nix b/users/root/default.flake.nix
@@ -1,12 +1,11 @@
-{ config, lib, pkgs, ... }:
-
-with lib; {
+{ config, inputs, lib, pkgs, ... }:
+let
+ inherit (lib) mkIf;
+in
+{
users.users.root = {
shell = mkIf config.programs.zsh.enable pkgs.zsh;
};
- /*
- home-manager.users.root = lib.mkMerge (
- [ (import ../vincent/core) ]
- );
- */
+ # Home-manager "magic"
+ home-manager.users.root = inputs.self.internal.homeManagerConfigurations."root";
}
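Review bot: `home-manager.users.root` is now produced by the same `mkHomeManagerConfiguration` as the unprivileged users, so the shared `./users/modules` import from flake.nix is evaluated and activated for root as well. The contents of those modules are not visible here, but anything they install or run at activation will do so with root's privileges. A comment next to the assignment would make that explicit, for example `# root shares ./users/modules with normal users; keep users/root/home.nix minimal`.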
diff --git a/users/root/home.nix b/users/root/home.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+ home.packages = with pkgs; [ htop ];
+}
diff --git a/users/vincent/default.flake.nix b/users/vincent/default.flake.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, inputs, lib, pkgs, ... }:
with lib;
let
secretPath = ../../secrets/machines.nix;
@@ -15,21 +15,19 @@ let
isContainersEnabled = if hasConfigVirtualizationContainers then config.virtualisation.containers.enable else false;
in
{
- imports = [
- ./desktop.flake.nix
- ./laptop.flake.nix
- ];
+ # imports = [ ../home.nix ];
+
users.users.vincent = {
createHome = true;
uid = 1000;
description = "Vincent Demeester";
extraGroups = [ "wheel" "input" ]
- ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ];
- #++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
- #++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
- #++ optionals config.profiles.docker.enable [ "docker" ]
- #++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
- #++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
+ ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]
+ #++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
+ ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
+ ++ optionals config.virtualisation.docker.enable [ "docker" ]
+ ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
+ ++ optionals config.virtualisation.libvirtd.enable [ "libvirtd" ];
shell = mkIf config.programs.zsh.enable pkgs.zsh;
isNormalUser = true;
openssh.authorizedKeys.keys = authorizedKeys;
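Review bot: The newly active `++ optionals config.virtualisation.docker.enable [ "docker" ]` and `... libvirtd.enable [ "libvirtd" ]` lines add privilege-granting groups automatically; docker group membership in particular is equivalent to root on the host. That is easy to miss among the other entries, so a comment such as `# docker/libvirtd groups are root-equivalent; granted only where the service is enabled` would help the next reader. Separately, `"networkmanager"` is now added twice when both `profiles.desktop.enable` and `networking.networkmanager.enable` are true; dropping it from the desktop list removes the duplicate. The `users.users.vincent` attribute set closes outside this hunk.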
@@ -38,10 +36,6 @@ in
subGidRanges = [{ startGid = 100000; count = 65536; }];
};
- home-manager.users.vincent = mkMerge ([
- (import ../modules)
- ]); # ++ optionals config.profiles.desktop.enable [ ./desktop ]);
-
nix = {
trustedUsers = [ "vincent" ];
sshServe.keys = authorizedKeys;
@@ -61,4 +55,6 @@ in
${pkgs.systemd}/bin/loginctl enable-linger ${config.users.users.vincent.name}
'';
+ # Home-manager "magic"
+ home-manager.users.vincent = inputs.self.internal.homeManagerConfigurations."vincent";
}
diff --git a/users/vincent/default.nix b/users/vincent/default.nix
@@ -23,29 +23,43 @@ in
++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]
++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
- ++ optionals config.profiles.docker.enable [ "docker" ]
+ ++ optionals config.virtualisation.docker.enable [ "docker" ]
++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
shell = mkIf config.programs.zsh.enable pkgs.zsh;
isNormalUser = true;
openssh.authorizedKeys.keys = authorizedKeys;
- # FIXME change this ?
initialPassword = "changeMe";
- # FIXME This might be handled differently by programs.podman, …
subUidRanges = [{ startUid = 100000; count = 65536; }];
subGidRanges = [{ startGid = 100000; count = 65536; }];
};
- /*
- virtualisation = mkIf isContainersEnabled {
- containers.users = [ "vincent" ];
+ nix = {
+ trustedUsers = [ "vincent" ];
+ sshServe.keys = authorizedKeys;
};
- */
- security.pam.services.vincent.fprintAuth = config.services.fprintd.enable;
+ security = {
+ pam = {
+ # Nix will hit the stack limit when using `nixFlakes`.
+ loginLimits = [
+ { domain = config.users.users.vincent.name; item = "stack"; type = "-"; value = "unlimited"; }
+ ];
+ };
+ };
+
+ # Enable user units to persist after sessions end.
+ system.activationScripts.loginctl-enable-linger-vincent = lib.stringAfter [ "users" ] ''
+ ${pkgs.systemd}/bin/loginctl enable-linger ${config.users.users.vincent.name}
+ '';
+
+ # To use nixos config in home-manager configuration, use the nixosConfig attr.
+ # This make it possible to import the whole configuration, and let each module
+ # load their own.
home-manager.users.vincent = lib.mkMerge
(
[
+ (import ../home.nix)
(import ./core)
(import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
]
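Review bot: The `# FIXME change this ?` marker above `initialPassword = "changeMe";` is removed while the literal password stays, so the only reminder that this value is a placeholder is lost; a password written in the configuration is also copied into the world-readable Nix store. Keep the marker until it is resolved, or switch to a hashed value supplied from outside the repository (`hashedPassword` or `passwordFile`). The same hunk adds `nix.trustedUsers = [ "vincent" ]`, which lets that account direct the Nix daemon with root-level effect, so a short comment such as `# trusted user: can override daemon settings, treat as root-equivalent` would help. The `mkMerge` list at the end of the hunk continues outside it.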
diff --git a/users/vincent/desktop.flake.nix b/users/vincent/desktop.flake.nix
@@ -1,5 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- home-manager.users.vincent = lib.mkIf config.profiles.desktop.enable (import ./desktop);
-}
diff --git a/users/vincent/desktop/default.nix b/users/vincent/desktop/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, nixosConfig, ... }:
{
imports = [
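Review bot: The new argument set `{ pkgs, nixosConfig, ... }:` does not bind `lib`, yet the next hunk of this file calls `lib.optionals nixosConfig.profiles.desktop.i3.enable [ pkgs.brave ]`. Unless `lib` is brought into scope somewhere not shown, evaluation fails with an undefined variable. The header should read `{ pkgs, lib, nixosConfig, ... }:`. `nixosConfig` is only passed when home-manager runs as a NixOS module, so this file can no longer be used from a standalone home-manager build, which deserves a comment at the top of the file.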
@@ -36,7 +36,7 @@
keybase
# pass
profile-sync-daemon
- ];
+ ] ++ lib.optionals nixosConfig.profiles.desktop.i3.enable [ pkgs.brave ];
xdg.configFile."obs-studio/plugins/obs-v4l2sink/bin/64bit/obs-v4l2sink.so".source =
"${pkgs.obs-v4l2sink}/share/obs/obs-plugins/v4l2sink/bin/64bit/v4l2sink.so";
diff --git a/users/vincent/desktop/i3.nix b/users/vincent/desktop/i3.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, nixosConfig, lib, pkgs, ... }:
with lib;
let
diff --git a/users/vincent/home.nix b/users/vincent/home.nix
@@ -0,0 +1,5 @@
+{ pkgs, ... }:
+
+{
+ home.packages = with pkgs; [ htop ];
+}
diff --git a/users/vincent/laptop.flake.nix b/users/vincent/laptop.flake.nix
@@ -1,7 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- home-manager.users.vincent = lib.mkIf config.profiles.laptop.enable {
- programs.autorandr.enable = true;
- };
-}