commit 438b37ec7b270092af47e73d0f3bc21b7db980ed
parent 6cce972f0e96d6b85f3bacaebb7f353f06d9c38f
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 21 Dec 2020 12:57:04 +0100
flake: make users import user configuration.
Each user listed in `users` is now imported from `users/{user}/default.flake.nix` (the file name is fixed for now).
Default is now root and vincent (before it was only vincent).
Next step is a smarter home-manager setup, aka take parts of
mkHomeManagerConfiguration and make it automatic in users/….
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
4 files changed, 120 insertions(+), 5 deletions(-)
diff --git a/flake.nix b/flake.nix
@@ -94,14 +94,13 @@
The attribute set is composed of:
- pkgs: the package set to use. To be taken from the inputs (inputs.nixos, …)
- system: the architecture of the system. Default is x86_64-linux.
- - config
- - users
-
+ - config: the configuration path that will be imported
+ - users: the list of user configuration to import
*/
mkNixOsConfiguration = name: { pkgs
, system ? "x86_64-linux"
, config ? ./systems/hosts + "/${name}.flake.nix"
- , users ? [ "vincent" ]
+ , users ? [ "root" "vincent" ]
}:
# assert asserts.assertMsg (builtins.pathExists config) "${name} has no configuration, create one in ./systems/hosts/${name}.flake.nix";
nameValuePair name (nixosSystem {
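Review bot: The new doc line for `users` does not say what an entry resolves to, and since the default now pulls in `root` as well as `vincent` on every host, a reader cannot tell from this comment which files end up in every system closure. I would make the line self-contained, e.g. `- users: names of user modules to import; entry "u" resolves to ./users/u/default.flake.nix (default: [ "root" "vincent" ])`. The `mkNixOsConfiguration` binding continues past the end of this hunk, and the `assertMsg` check for `config` on the next line is still commented out, so neither path is validated before `import`.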
@@ -145,7 +144,9 @@
(import ./systems/modules/default.flake.nix)
(import ./systems/profiles)
(import config)
- ];
+ ]
+ # Load user configuration based on the list of users passed.
+ ++ (map (f: import (./users + ("/" + f + "/default.flake.nix"))) users);
specialArgs = { inherit name inputs; };
});
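Review bot: A misspelled or missing user name in `users` now fails inside `import` with a bare path error, because the `map` on the `++` line builds the path and imports it without checking existence, even though the commented-out `assertMsg` line above shows the intended pattern for `config`. I would resolve the path once and fail with the user name in the message: `++ (map (u: let p = ./users + "/${u}/default.flake.nix"; in if builtins.pathExists p then import p else throw "user ${u}: no configuration at ${toString p}") users);`. That also replaces the `("/" + f + "...")` concatenation with interpolation, which is the more usual form in this file. The enclosing `mkNixOsConfiguration` body starts outside this hunk.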
diff --git a/users/houbeb/default.flake.nix b/users/houbeb/default.flake.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+ users.users.houbeb = {
+ createHome = true;
+ description = "Houbeb Ben Othmene";
+ extraGroups = [ "wheel" ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "…"
+ ];
+ };
+ /*
+ home-manager.users.houbeb = {
+ home.packages = with pkgs; [ hello ];
+ };
+ */
+}
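Review bot: `houbeb` is added to `wheel` while the only credential declared for the account is the placeholder key `"…"` in `openssh.authorizedKeys.keys`, so on any host that lists this user the module grants admin group membership without a usable key, and the literal `…` line is written into `authorized_keys` as junk. Either drop the placeholder entry (an empty list is fine) or source the key the same way the `vincent` module does, from the `authorized`-flagged entries in `secrets/machines.nix`, and consider deferring `"wheel"` until a real key is in place. This file is not in the default `users` list in `flake.nix`, so it presumably only matters on hosts that opt in — worth a one-line comment at the top saying so.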
diff --git a/users/root/default.flake.nix b/users/root/default.flake.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+with lib; {
+ users.users.root = {
+ shell = mkIf config.programs.zsh.enable pkgs.zsh;
+ };
+ /*
+ home-manager.users.root = lib.mkMerge (
+ [ (import ../vincent/core) ]
+ );
+ */
+}
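Review bot: `with lib;` is opened over the whole module body to reach a single `mkIf`, which is a style the rest of this diff avoids in small modules and which hides where `mkIf` comes from; writing `shell = lib.mkIf config.programs.zsh.enable pkgs.zsh;` and dropping the `with` is clearer. Because `flake.nix` now imports this file on every host by default, it would help to state that in a header comment, e.g. `# Imported for every host (see `users` default in flake.nix); only adjusts root's shell, login policy for root is configured elsewhere.` — hedged, since nothing here shows where root login is actually restricted.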
diff --git a/users/vincent/default.flake.nix b/users/vincent/default.flake.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ isAuthorized = p: builtins.isAttrs p && p.authorized or false;
+ authorizedKeys = lists.optionals secretCondition (
+ attrsets.mapAttrsToList
+ (name: value: value.key)
+ (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
+ );
+
+ hasConfigVirtualizationContainers = builtins.hasAttr "containers" config.virtualisation;
+ isContainersEnabled = if hasConfigVirtualizationContainers then config.virtualisation.containers.enable else false;
+in
+{
+ users.users.vincent = {
+ createHome = true;
+ uid = 1000;
+ description = "Vincent Demeester";
+ extraGroups = [ "wheel" "input" ]
+ ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]
+ ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
+ ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
+ ++ optionals config.profiles.docker.enable [ "docker" ]
+ ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
+ ++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
+ shell = mkIf config.programs.zsh.enable pkgs.zsh;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = authorizedKeys;
+ # FIXME change this ?
+ initialPassword = "changeMe";
+ # FIXME This might be handled differently by programs.podman, …
+ subUidRanges = [{ startUid = 100000; count = 65536; }];
+ subGidRanges = [{ startGid = 100000; count = 65536; }];
+ };
+
+
+ /*
+ security.pam.services.vincent.fprintAuth = config.services.fprintd.enable;
+
+ home-manager.users.vincent = lib.mkMerge
+ (
+ [
+ (import ./core)
+ (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
+ ]
+ ++ optionals config.profiles.dev.enable [ (import ./dev) ]
+ ++ optionals config.profiles.desktop.enable [ (import ./desktop) ]
+ ++ optionals config.profiles.desktop.gnome.enable [ (import ./desktop/gnome.nix) ]
+ ++ optionals config.profiles.desktop.i3.enable [ (import ./desktop/i3.nix) ]
+ ++ optionals (config.networking.hostName == "wakasu") [
+ {
+ home.packages = with pkgs; [
+ libosinfo
+ asciinema
+ oathToolkit
+ ];
+ }
+ ]
+ ++ optionals (config.profiles.laptop.enable && config.profiles.desktop.enable) [
+ {
+ # FIXME move this in its own file
+ programs.autorandr.enable = true;
+ }
+ ]
+ ++ optionals config.profiles.docker.enable [
+ {
+ home.packages = with pkgs; [ docker docker-compose ];
+ }
+ ]
+ ++ optionals (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) [{
+ home.file.".config/Yubico/u2f_keys".source = pkgs.mkSecret ../../secrets/u2f_keys;
+ }]
+ ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ]
+ ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ]
+ ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ]
+ ++ optionals config.profiles.tekton.enable [ (import ./containers/tekton.nix) ]
+ ++ optionals config.profiles.redhat.enable [{
+ home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
+ home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
+ }]
+ );
+ */
+}
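Review bot: `initialPassword = "changeMe";` gives a `wheel` member a well-known, repository-committed password on every host this module is imported into, and when `secrets/machines.nix` is absent `authorizedKeys` silently evaluates to `[]` (the `optionals secretCondition` guard), so on a fresh or secret-less host that password is the account's only credential. The existing `# FIXME` acknowledges it but does not mitigate it; I would replace the line with a hash sourced from the same secrets file, falling back to a locked account, e.g. `hashedPassword = if secretCondition then (import secretPath).users.vincent.hashedPassword else "!";` (adjust the attribute path to whatever the secrets file actually provides, which is not visible here). Separately, `config.virtualisation.buildkitd.enable` in `extraGroups` is read unguarded while `config.virtualisation.containers` on line 89 is guarded with `hasAttr`; if the buildkitd option can be absent on some hosts this evaluation will fail, so either guard it the same way or drop the `containers` guard for consistency.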