

commit 438b37ec7b270092af47e73d0f3bc21b7db980ed
parent 6cce972f0e96d6b85f3bacaebb7f353f06d9c38f
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Mon, 21 Dec 2020 12:57:04 +0100

flake: make users import user configuration.

It will now import `users/{user}/default.flake.nix` for each listed user
(a single default.flake.nix per user for now).
Default is now root and vincent (before it was only vincent).

Next step is a smarter home-manager setup, i.e. take parts of
mkHomeManagerConfiguration and make it automatic in users/….

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Mflake.nix | 11++++++-----
Ausers/houbeb/default.flake.nix | 16++++++++++++++++
Ausers/root/default.flake.nix | 12++++++++++++
Ausers/vincent/default.flake.nix | 86+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 120 insertions(+), 5 deletions(-)

diff --git a/flake.nix b/flake.nix
@@ -94,14 +94,13 @@
 The attribute set is composed of:
 - pkgs: the package set to use. To be taken from the inputs (inputs.nixos, …)
 - system: the architecture of the system. Default is x86_64-linux.
- - config
- - users
-
+ - config: the configuration path that will be imported
+ - users: the list of user configuration to import
 */
 mkNixOsConfiguration = name: { pkgs
 , system ? "x86_64-linux"
 , config ? ./systems/hosts + "/${name}.flake.nix"
- , users ? [ "vincent" ]
+ , users ? [ "root" "vincent" ]
 }:
 # assert asserts.assertMsg (builtins.pathExists config) "${name} has no configuration, create one in ./systems/hosts/${name}.flake.nix";
 nameValuePair name (nixosSystem {
@@ -145,7 +144,9 @@
 (import ./systems/modules/default.flake.nix)
 (import ./systems/profiles)
 (import config)
- ];
+ ]
+ # Load user configuration based on the list of users passed.
+ ++ (map (f: import (./users + ("/" + f + "/default.flake.nix"))) users);
 specialArgs = { inherit name inputs; };
 });
diff --git a/users/houbeb/default.flake.nix b/users/houbeb/default.flake.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+ users.users.houbeb = {
+ createHome = true;
+ description = "Houbeb Ben Othmene";
+ extraGroups = [ "wheel" ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "…"
+ ];
+ };
+ /*
+ home-manager.users.houbeb = {
+ home.packages = with pkgs; [ hello ];
+ };
+ */
+}
diff --git a/users/root/default.flake.nix b/users/root/default.flake.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+with lib; {
+ users.users.root = {
+ shell = mkIf config.programs.zsh.enable pkgs.zsh;
+ };
+ /*
+ home-manager.users.root = lib.mkMerge (
+ [ (import ../vincent/core) ]
+ );
+ */
+}
diff --git a/users/vincent/default.flake.nix b/users/vincent/default.flake.nix
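Review bot: The new doc line `- users: the list of user configuration to import` does not say what a list entry is, and the new default `[ "root" "vincent" ]` only makes sense once the reader knows each entry names a directory under `./users`. I would write `- users: user names; for each one ./users/<name>/default.flake.nix is imported as a NixOS module (default: root and vincent)`. The comment block and the `mkNixOsConfiguration` body both extend outside the hunk.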
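Review bot: The added `map` imports `./users/<f>/default.flake.nix` unconditionally, so a typo in a host's `users` list, or a user directory that does not exist yet, fails with Nix's generic "path does not exist" error instead of naming the user — the same problem the commented-out `asserts.assertMsg` line for `config` was meant to solve. I would compute the path once and assert on it: `(map (f: let p = ./users + ("/" + f + "/default.flake.nix"); in assert asserts.assertMsg (builtins.pathExists p) "user ${f} has no configuration, create ./users/${f}/default.flake.nix"; import p) users)`, assuming `asserts` is `lib.asserts` as that commented line suggests. The entry is also spliced into the path unescaped, so the list must only ever hold plain directory names. The `modules` list and its enclosing attribute set begin before the hunk.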
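Review bot: `extraGroups = [ "wheel" ]` is granted to an account whose only credential is the placeholder `"…"` in `openssh.authorizedKeys.keys`; as far as this file shows no password is set, so the account is unreachable until a real key is committed, and whoever fills in the placeholder later inherits an admin-capable user by default. I would keep the user but drop `"wheel"` (or set `openssh.authorizedKeys.keys = [ ];`) until the real public key is in the repository, with a comment `# TODO: add the real key before granting wheel`. The commented-out `home-manager.users.houbeb` block is dead code and could be left out until it is wired up.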
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+
+ isAuthorized = p: builtins.isAttrs p && p.authorized or false;
+ authorizedKeys = lists.optionals secretCondition (
+ attrsets.mapAttrsToList
+ (name: value: value.key)
+ (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
+ );
+
+ hasConfigVirtualizationContainers = builtins.hasAttr "containers" config.virtualisation;
+ isContainersEnabled = if hasConfigVirtualizationContainers then config.virtualisation.containers.enable else false;
+in
+{
+ users.users.vincent = {
+ createHome = true;
+ uid = 1000;
+ description = "Vincent Demeester";
+ extraGroups = [ "wheel" "input" ]
+ ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]
+ ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
+ ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
+ ++ optionals config.profiles.docker.enable [ "docker" ]
+ ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
+ ++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
+ shell = mkIf config.programs.zsh.enable pkgs.zsh;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = authorizedKeys;
+ # FIXME change this ?
+ initialPassword = "changeMe";
+ # FIXME This might be handled differently by programs.podman, …
+ subUidRanges = [{ startUid = 100000; count = 65536; }];
+ subGidRanges = [{ startGid = 100000; count = 65536; }];
+ };
+
+
+ /*
+ security.pam.services.vincent.fprintAuth = config.services.fprintd.enable;
+
+ home-manager.users.vincent = lib.mkMerge
+ (
+ [
+ (import ./core)
+ (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
+ ]
+ ++ optionals config.profiles.dev.enable [ (import ./dev) ]
+ ++ optionals config.profiles.desktop.enable [ (import ./desktop) ]
+ ++ optionals config.profiles.desktop.gnome.enable [ (import ./desktop/gnome.nix) ]
+ ++ optionals config.profiles.desktop.i3.enable [ (import ./desktop/i3.nix) ]
+ ++ optionals (config.networking.hostName == "wakasu") [
+ {
+ home.packages = with pkgs; [
+ libosinfo
+ asciinema
+ oathToolkit
+ ];
+ }
+ ]
+ ++ optionals (config.profiles.laptop.enable && config.profiles.desktop.enable) [
+ {
+ # FIXME move this in its own file
+ programs.autorandr.enable = true;
+ }
+ ]
+ ++ optionals config.profiles.docker.enable [
+ {
+ home.packages = with pkgs; [ docker docker-compose ];
+ }
+ ]
+ ++ optionals (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) [{
+ home.file.".config/Yubico/u2f_keys".source = pkgs.mkSecret ../../secrets/u2f_keys;
+ }]
+ ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ]
+ ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ]
+ ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ]
+ ++ optionals config.profiles.tekton.enable [ (import ./containers/tekton.nix) ]
+ ++ optionals config.profiles.redhat.enable [{
+ home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
+ home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
+ }]
+ );
+ */
+}
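Review bot: `initialPassword = "changeMe"` puts a well-known plaintext password on a `wheel` member, and on any host where `secrets/machines.nix` is absent `authorizedKeys` evaluates to `[ ]`, so a guessable password is the only credential the account has (console, and SSH if password authentication is enabled there); the `# FIXME change this ?` above already flags it. I would replace it with `initialHashedPassword = "<sha512-crypt hash>";` or a `passwordFile` fed by the same secrets mechanism, so no plaintext credential lives in the repository, and add a comment that `initialPassword`/`initialHashedPassword` only apply when the user is first created, so hosts already provisioned with "changeMe" need the password rotated by hand. Separately, `"networkmanager"` can be appended twice (desktop profile and `networking.networkmanager.enable`); wrapping the `extraGroups` expression in `lib.unique` keeps the list clean.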