From f5edd23253cf75ee049344dd48bea9f79b667791 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Wed, 6 Mar 2024 10:33:48 +0200 Subject: [PATCH] vm: fix user propagation, refactor base.users --- flake.nix | 38 +++++++++----------- hosts/fra1-a/configuration.nix | 8 ++--- hosts/fwminex/configuration.nix | 7 ++-- hosts/vm/configuration.nix | 44 +++++------------------ hosts/vno1-oh2/configuration.nix | 7 ++-- hosts/vno3-rp3b/configuration.nix | 8 ++--- modules/base/default.nix | 5 +-- modules/base/users/default.nix | 53 ++++++++++++++-------------- modules/profiles/desktop/default.nix | 2 +- shared/home/default.nix | 2 +- 10 files changed, 70 insertions(+), 104 deletions(-) diff --git a/flake.nix b/flake.nix index bba9d84..be567e9 100644 --- a/flake.nix +++ b/flake.nix @@ -111,30 +111,26 @@ gamja = super.callPackage ./pkgs/gamja.nix {}; }) ]; + + mkVM = system: + nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + {nixpkgs.overlays = overlays;} + ./hosts/vm/configuration.nix + + ./modules + ./modules/profiles/desktop + + home-manager.nixosModules.home-manager + ]; + specialArgs = {inherit myData;} // inputs; + }; in { nixosConfigurations = { - vm-x86_64 = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - {nixpkgs.overlays = overlays;} - home-manager.nixosModules.home-manager - ./hosts/vm/configuration.nix - ./modules - ]; - specialArgs = {inherit myData;} // inputs; - }; - - vm-aarch64 = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ - {nixpkgs.overlays = overlays;} - home-manager.nixosModules.home-manager - ./hosts/vm/configuration.nix - ./modules - ]; - specialArgs = {inherit myData;} // inputs; - }; + vm-x86_64 = mkVM "x86_64-linux"; + vm-aarch64 = mkVM "aarch64-linux"; op5p = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; diff --git a/hosts/fra1-a/configuration.nix b/hosts/fra1-a/configuration.nix index 06c1fcc..424873a 100644 --- a/hosts/fra1-a/configuration.nix 
+++ b/hosts/fra1-a/configuration.nix @@ -31,13 +31,13 @@ mj = { stateVersion = "23.05"; timeZone = "UTC"; + username = "motiejus"; + base = { users = { enable = true; - passwd = { - root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; - }; + root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; }; unitstatus = { diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 5c7bab9..bb9db44 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -56,16 +56,15 @@ in { mj = { stateVersion = "23.05"; timeZone = "Europe/Vilnius"; + username = "motiejus"; base = { zfs.enable = true; users = { enable = true; devTools = true; - passwd = { - root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; - }; + root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; }; snapshot = { diff --git a/hosts/vm/configuration.nix b/hosts/vm/configuration.nix index 9c6990b..7ef0dc2 100644 --- a/hosts/vm/configuration.nix +++ b/hosts/vm/configuration.nix 
@@ -2,33 +2,24 @@ self, lib, pkgs, - myData, - config, modulesPath, ... }: { imports = [ "${modulesPath}/profiles/all-hardware.nix" "${modulesPath}/installer/cd-dvd/iso-image.nix" - ../../modules/profiles/desktop ]; - home-manager.useGlobalPkgs = true; - home-manager.users.nixos = {pkgs, ...}: - import ../../shared/home/default.nix { - inherit lib; - inherit pkgs; - inherit (config.mj) stateVersion; - username = "nixos"; - devTools = true; - hmOnly = false; - email = "motiejus@jakstys.lt"; - }; - mj = { stateVersion = "23.11"; timeZone = "UTC"; username = "nixos"; + + base.users = { + enable = true; + user.initialHashedPassword = ""; + root.initialHashedPassword = ""; + }; }; isoImage = { @@ -44,32 +35,15 @@ swapDevices = []; services = { - pcscd.enable = true; getty.autologinUser = "nixos"; - xserver.enable = true; - }; - - users.users = { - nixos = { - isNormalUser = true; - initialHashedPassword = ""; - openssh.authorizedKeys.keys = [myData.people_pubkeys.motiejus]; - }; - root.initialHashedPassword = ""; }; # do not autostart lightdm, leave at tty systemd.services.display-manager.wantedBy = lib.mkForce []; - security = { - pam.services.lightdm.text = '' - auth sufficient pam_succeed_if.so user ingroup wheel - ''; - sudo = { - enable = true; - wheelNeedsPassword = false; - }; - }; + security.pam.services.lightdm.text = '' + auth sufficient pam_succeed_if.so user ingroup wheel + ''; networking = { hostName = "vm"; diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix index be936b2..f5ac807 100644 --- a/hosts/vno1-oh2/configuration.nix +++ b/hosts/vno1-oh2/configuration.nix 
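Review bot: `base.users.user.initialHashedPassword = ""` set here never reaches the `nixos` account, because the user side of modules/base/users/default.nix (hunk `@@ -51,19 +53,18 @@`) still filters `cfg.user` down to `hashedPasswordFile` and `initialPassword` only, while the root side passes every non-null property through. With `mutableUsers = false` that presumably leaves `nixos` with no password source at all, so only getty autologin keeps working and a sudo prompt for the wheel member cannot be satisfied. The filter predicate in that hunk should admit the new property, e.g. `(n == "hashedPasswordFile" || n == "initialPassword" || n == "initialHashedPassword") && v != null`, or exclude `extraGroups` the way the root branch does (`lib.filterAttrs (n: v: n != "extraGroups" && v != null) cfg.user`). The configuration attrset edited here continues past this hunk.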
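Review bot: Dropping `security.sudo.wheelNeedsPassword = false` (together with the explicit `sudo.enable = true`) changes the VM's privilege model rather than just relocating it: NixOS's default keeps sudo enabled but asks wheel members for their password, and the only credential this commit gives the VM user is an empty `initialHashedPassword`. If a password-less live image is still the goal, restore that one line next to the surviving `security.pam.services.lightdm.text` block and add a comment such as `# throwaway ISO: wheel members get sudo without a password`; if the tightening is intended, state it in the commit description so the behaviour change is visible. `getty.autologinUser = "nixos"` is kept, so console access is unaffected either way. The enclosing configuration attrset continues past this hunk.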
@@ -38,15 +38,14 @@ mj = { stateVersion = "23.05"; timeZone = "Europe/Vilnius"; + username = "motiejus"; base = { zfs.enable = true; users = { enable = true; - passwd = { - root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; - }; + root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; }; snapshot = { diff --git a/hosts/vno3-rp3b/configuration.nix b/hosts/vno3-rp3b/configuration.nix index 536a4ef..4946179 100644 --- a/hosts/vno3-rp3b/configuration.nix +++ b/hosts/vno3-rp3b/configuration.nix @@ -54,14 +54,14 @@ mj = { stateVersion = "23.05"; timeZone = "Europe/Vilnius"; + username = "motiejus"; + base = { zfs.enable = true; users = { enable = true; - passwd = { - root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; - }; + root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; + user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; }; unitstatus = { enable = true; diff --git a/modules/base/default.nix b/modules/base/default.nix index aa591d9..098d4f3 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -31,10 +31,7 @@ in { description = "Time zone for this system"; }; - username = lib.mkOption { - type = str; - default = "motiejus"; - }; + username = lib.mkOption {type = str;}; }; config = { diff --git a/modules/base/users/default.nix b/modules/base/users/default.nix index 01212a3..0ad066e 100644 --- a/modules/base/users/default.nix +++ b/modules/base/users/default.nix 
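Review bot: `mj.username` becomes a required option with no `description`, so the evaluation error a host gets when it forgets to set it gives no hint of what the value drives. Since the users module now keys the system account, its home-manager profile and the uid/SSH-key assignments off this value, document that at the option: `username = lib.mkOption { type = str; description = "Login name of the primary non-root account created by mj.base.users and managed by home-manager"; };`. The option set this belongs to opens before the hunk and the `config = {` block after it is cut off.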
@@ -5,6 +5,25 @@ ... }: let cfg = config.mj.base.users; + props = with lib.types; { + hashedPasswordFile = lib.mkOption { + type = nullOr path; + default = null; + }; + initialPassword = lib.mkOption { + type = nullOr str; + default = null; + }; + initialHashedPassword = lib.mkOption { + type = nullOr str; + default = null; + }; + + extraGroups = lib.mkOption { + type = listOf str; + default = []; + }; + }; in { options.mj.base.users = with lib.types; { enable = lib.mkEnableOption "enable motiejus and root"; @@ -12,25 +31,8 @@ in { type = bool; default = false; }; - passwd = lib.mkOption { - type = attrsOf (submodule { - options = { - hashedPasswordFile = lib.mkOption { - type = nullOr path; - default = null; - }; - initialPassword = lib.mkOption { - type = nullOr str; - default = null; - }; - - extraGroups = lib.mkOption { - type = listOf str; - default = []; - }; - }; - }); - }; + user = props; + root = props; }; config = lib.mkIf cfg.enable { @@ -38,10 +40,10 @@ in { mutableUsers = false; users = { - motiejus = + ${config.mj.username} = { isNormalUser = true; - extraGroups = ["wheel" "dialout" "video"] ++ cfg.passwd.motiejus.extraGroups; + extraGroups = ["wheel" "dialout" "video"] ++ cfg.user.extraGroups; uid = myData.uidgid.motiejus; openssh.authorizedKeys.keys = [ myData.people_pubkeys.motiejus 
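Review bot: None of the four `props` options has a `description`, and two of them (`initialPassword`, `initialHashedPassword`) place the credential in the Nix store and the system closure, as the NixOS option docs for `users.users.<name>.initialPassword` point out. State that trade-off at the option itself, e.g. `description = "Hashed initial password; unlike hashedPasswordFile it ends up in the world-readable Nix store, so reserve it for throwaway images such as the VM ISO"`, with a matching `description` on `hashedPasswordFile` naming it as the form real hosts should use. `initialPassword` is carried over from the old submodule and no visible host uses it, so consider whether the plaintext variant needs to stay. The `let` block this sits in is fully inside the hunk.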
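Review bot: `enable = lib.mkEnableOption "enable motiejus and root"` is now misleading, since the account the module creates is `${config.mj.username}` (`nixos` on the VM); while the option block is being reshaped, change it to something like `lib.mkEnableOption "the primary user (mj.username) and root"`. `user = props; root = props;` also gives root an `extraGroups` option, and the root branch of the config passes every non-null property straight into `users.users.root`, so `extraGroups` becomes settable for root as well; if that is not intended, note it in a description or split a root-specific variant off `props`. The option set starts before this hunk.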
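Review bot: The account name is now `${config.mj.username}`, but `uid = myData.uidgid.motiejus` and `openssh.authorizedKeys.keys = [ myData.people_pubkeys.motiejus ...` stay hard-coded, so whatever name a host picks receives motiejus's uid and SSH keys. On the VM this matches the removed `users.users.nixos` block, which already listed that key, so behaviour there is unchanged, but the option reads as a generic user while the module still encodes one identity. Either say so where the option is defined (`# uid and authorized keys are always motiejus's; mj.username only renames the account`) or make the uid and key lookups follow the username too. The `users.users` attrset continues past this hunk.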
@@ -51,19 +53,18 @@ in { n: v: (n == "hashedPasswordFile" || n == "initialPassword") && v != null ) - cfg.passwd.motiejus or {}; + cfg.user or {}; - root = assert lib.assertMsg (cfg.passwd ? root) "root password needs to be defined"; - lib.filterAttrs (_: v: v != null) cfg.passwd.root; + root = lib.filterAttrs (_: v: v != null) cfg.root; }; }; home-manager.useGlobalPkgs = true; - home-manager.users.motiejus = {pkgs, ...}: + home-manager.users.${config.mj.username} = {pkgs, ...}: import ../../../shared/home/default.nix { inherit lib; inherit pkgs; - inherit (config.mj) stateVersion; + inherit (config.mj) stateVersion username; inherit (cfg) devTools; hmOnly = false; email = "motiejus@jakstys.lt"; diff --git a/modules/profiles/desktop/default.nix b/modules/profiles/desktop/default.nix index 276bbcd..da3deb5 100644 --- a/modules/profiles/desktop/default.nix +++ b/modules/profiles/desktop/default.nix @@ -23,7 +23,7 @@ in { wireshark.enable = true; }; - mj.base.users.passwd.${username}.extraGroups = ["adbusers" "networkmanager" "wireshark"]; + mj.base.users.user.extraGroups = ["adbusers" "networkmanager" "wireshark"]; services = { fwupd.enable = true; diff --git a/shared/home/default.nix b/shared/home/default.nix index 00262b1..ca00bb3 100644 --- a/shared/home/default.nix +++ b/shared/home/default.nix @@ -5,7 +5,7 @@ email, devTools, hmOnly, - username ? "motiejus", + username, ... }: let # from https://github.com/Gerg-L/demoninajar/blob/39964f198dbfa34c21f81c35370fab312b476051/homes/veritas_manjaro/nixGL.nix#L42
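Review bot: Removing `assert lib.assertMsg (cfg.passwd ? root) "root password needs to be defined"` also removes the only check that a host configured root at all: `cfg.root` now always exists with every property `null`, so a host that sets `base.users.enable = true` without touching `root` evaluates fine and ends up with a root account that has no password source, which under `mutableUsers = false` presumably means a locked root password rather than an error. If that fail-closed outcome is intended, a comment on `root = lib.filterAttrs ...` saying so is enough; otherwise reinstate the guard as a module assertion, `assertions = [{ assertion = cfg.root.hashedPasswordFile != null || cfg.root.initialHashedPassword != null || cfg.root.initialPassword != null; message = "root password needs to be defined"; }];`. Separately, `cfg.user or {}` no longer needs the `or {}` fallback since `user` is a typed option with defaults, and `email = "motiejus@jakstys.lt"` remains fixed while `username` is now passed through. The `users` attrset and the filter lambda this hunk edits both start before the hunk.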