motiejus/config
1
Fork 0
Code Packages Releases Activity

vm: fix user propagation, refactor base.users

Browse Source
This commit is contained in:
Motiejus Jakštys 2024-03-06 10:33:48 +02:00
parent b31dff0451
commit f5edd23253
10 changed files with 70 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
flake.nix
View File

@ -111,30 +111,26 @@
gamja = super.callPackage ./pkgs/gamja.nix {}; gamja = super.callPackage ./pkgs/gamja.nix {};
}) })
]; ];
mkVM = system:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [
{nixpkgs.overlays = overlays;}
./hosts/vm/configuration.nix
./modules
./modules/profiles/desktop
home-manager.nixosModules.home-manager
];
specialArgs = {inherit myData;} // inputs;
};
in in
{ {
nixosConfigurations = { nixosConfigurations = {
vm-x86_64 = nixpkgs.lib.nixosSystem { vm-x86_64 = mkVM "x86_64-linux";
system = "x86_64-linux"; vm-aarch64 = mkVM "aarch64-linux";
modules = [
{nixpkgs.overlays = overlays;}
home-manager.nixosModules.home-manager
./hosts/vm/configuration.nix
./modules
];
specialArgs = {inherit myData;} // inputs;
};
vm-aarch64 = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
{nixpkgs.overlays = overlays;}
home-manager.nixosModules.home-manager
./hosts/vm/configuration.nix
./modules
];
specialArgs = {inherit myData;} // inputs;
};
op5p = nixpkgs.lib.nixosSystem { op5p = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";

6
hosts/fra1-a/configuration.nix
View File

@ -31,13 +31,13 @@
mj = { mj = {
stateVersion = "23.05"; stateVersion = "23.05";
timeZone = "UTC"; timeZone = "UTC";
username = "motiejus";
base = { base = {
users = { users = {
enable = true; enable = true;
passwd = {
root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
};
}; };
unitstatus = { unitstatus = {

5
hosts/fwminex/configuration.nix
View File

@ -56,16 +56,15 @@ in {
mj = { mj = {
stateVersion = "23.05"; stateVersion = "23.05";
timeZone = "Europe/Vilnius"; timeZone = "Europe/Vilnius";
username = "motiejus";
base = { base = {
zfs.enable = true; zfs.enable = true;
users = { users = {
enable = true; enable = true;
devTools = true; devTools = true;
passwd = {
root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
};
}; };
snapshot = { snapshot = {

40
hosts/vm/configuration.nix
View File

@ -2,33 +2,24 @@
self, self,
lib, lib,
pkgs, pkgs,
myData,
config,
modulesPath, modulesPath,
... ...
}: { }: {
imports = [ imports = [
"${modulesPath}/profiles/all-hardware.nix" "${modulesPath}/profiles/all-hardware.nix"
"${modulesPath}/installer/cd-dvd/iso-image.nix" "${modulesPath}/installer/cd-dvd/iso-image.nix"
../../modules/profiles/desktop
]; ];
home-manager.useGlobalPkgs = true;
home-manager.users.nixos = {pkgs, ...}:
import ../../shared/home/default.nix {
inherit lib;
inherit pkgs;
inherit (config.mj) stateVersion;
username = "nixos";
devTools = true;
hmOnly = false;
email = "motiejus@jakstys.lt";
};
mj = { mj = {
stateVersion = "23.11"; stateVersion = "23.11";
timeZone = "UTC"; timeZone = "UTC";
username = "nixos"; username = "nixos";
base.users = {
enable = true;
user.initialHashedPassword = "";
root.initialHashedPassword = "";
};
}; };
isoImage = { isoImage = {
@ -44,32 +35,15 @@
swapDevices = []; swapDevices = [];
services = { services = {
pcscd.enable = true;
getty.autologinUser = "nixos"; getty.autologinUser = "nixos";
xserver.enable = true;
};
users.users = {
nixos = {
isNormalUser = true;
initialHashedPassword = "";
openssh.authorizedKeys.keys = [myData.people_pubkeys.motiejus];
};
root.initialHashedPassword = "";
}; };
# do not autostart lightdm, leave at tty # do not autostart lightdm, leave at tty
systemd.services.display-manager.wantedBy = lib.mkForce []; systemd.services.display-manager.wantedBy = lib.mkForce [];
security = { security.pam.services.lightdm.text = ''
pam.services.lightdm.text = ''
auth sufficient pam_succeed_if.so user ingroup wheel auth sufficient pam_succeed_if.so user ingroup wheel
''; '';
sudo = {
enable = true;
wheelNeedsPassword = false;
};
};
networking = { networking = {
hostName = "vm"; hostName = "vm";

5
hosts/vno1-oh2/configuration.nix
View File

@ -38,15 +38,14 @@
mj = { mj = {
stateVersion = "23.05"; stateVersion = "23.05";
timeZone = "Europe/Vilnius"; timeZone = "Europe/Vilnius";
username = "motiejus";
base = { base = {
zfs.enable = true; zfs.enable = true;
users = { users = {
enable = true; enable = true;
passwd = {
root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
};
}; };
snapshot = { snapshot = {

6
hosts/vno3-rp3b/configuration.nix
View File

@ -54,14 +54,14 @@
mj = { mj = {
stateVersion = "23.05"; stateVersion = "23.05";
timeZone = "Europe/Vilnius"; timeZone = "Europe/Vilnius";
username = "motiejus";
base = { base = {
zfs.enable = true; zfs.enable = true;
users = { users = {
enable = true; enable = true;
passwd = {
root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
motiejus.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
};
}; };
unitstatus = { unitstatus = {
enable = true; enable = true;

5
modules/base/default.nix
View File

@ -31,10 +31,7 @@ in {
description = "Time zone for this system"; description = "Time zone for this system";
}; };
username = lib.mkOption { username = lib.mkOption {type = str;};
type = str;
default = "motiejus";
};
}; };
config = { config = {

37
modules/base/users/default.nix
View File

@ -5,16 +5,7 @@
... ...
}: let }: let
cfg = config.mj.base.users; cfg = config.mj.base.users;
in { props = with lib.types; {
options.mj.base.users = with lib.types; {
enable = lib.mkEnableOption "enable motiejus and root";
devTools = lib.mkOption {
type = bool;
default = false;
};
passwd = lib.mkOption {
type = attrsOf (submodule {
options = {
hashedPasswordFile = lib.mkOption { hashedPasswordFile = lib.mkOption {
type = nullOr path; type = nullOr path;
default = null; default = null;
@ -23,14 +14,25 @@ in {
type = nullOr str; type = nullOr str;
default = null; default = null;
}; };
initialHashedPassword = lib.mkOption {
type = nullOr str;
default = null;
};
extraGroups = lib.mkOption { extraGroups = lib.mkOption {
type = listOf str; type = listOf str;
default = []; default = [];
}; };
}; };
}); in {
options.mj.base.users = with lib.types; {
enable = lib.mkEnableOption "enable motiejus and root";
devTools = lib.mkOption {
type = bool;
default = false;
}; };
user = props;
root = props;
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -38,10 +40,10 @@ in {
mutableUsers = false; mutableUsers = false;
users = { users = {
motiejus = ${config.mj.username} =
{ {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel" "dialout" "video"] ++ cfg.passwd.motiejus.extraGroups; extraGroups = ["wheel" "dialout" "video"] ++ cfg.user.extraGroups;
uid = myData.uidgid.motiejus; uid = myData.uidgid.motiejus;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
myData.people_pubkeys.motiejus myData.people_pubkeys.motiejus
@ -51,19 +53,18 @@ in {
n: v: n: v:
(n == "hashedPasswordFile" || n == "initialPassword") && v != null (n == "hashedPasswordFile" || n == "initialPassword") && v != null
) )
cfg.passwd.motiejus or {}; cfg.user or {};
root = assert lib.assertMsg (cfg.passwd ? root) "root password needs to be defined"; root = lib.filterAttrs (_: v: v != null) cfg.root;
lib.filterAttrs (_: v: v != null) cfg.passwd.root;
}; };
}; };
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.users.motiejus = {pkgs, ...}: home-manager.users.${config.mj.username} = {pkgs, ...}:
import ../../../shared/home/default.nix { import ../../../shared/home/default.nix {
inherit lib; inherit lib;
inherit pkgs; inherit pkgs;
inherit (config.mj) stateVersion; inherit (config.mj) stateVersion username;
inherit (cfg) devTools; inherit (cfg) devTools;
hmOnly = false; hmOnly = false;
email = "motiejus@jakstys.lt"; email = "motiejus@jakstys.lt";

2
modules/profiles/desktop/default.nix
View File

@ -23,7 +23,7 @@ in {
wireshark.enable = true; wireshark.enable = true;
}; };
mj.base.users.passwd.${username}.extraGroups = ["adbusers" "networkmanager" "wireshark"]; mj.base.users.user.extraGroups = ["adbusers" "networkmanager" "wireshark"];
services = { services = {
fwupd.enable = true; fwupd.enable = true;

2
shared/home/default.nix
View File

@ -5,7 +5,7 @@
email, email,
devTools, devTools,
hmOnly, hmOnly,
username ? "motiejus", username,
... ...
}: let }: let
# from https://github.com/Gerg-L/demoninajar/blob/39964f198dbfa34c21f81c35370fab312b476051/homes/veritas_manjaro/nixGL.nix#L42 # from https://github.com/Gerg-L/demoninajar/blob/39964f198dbfa34c21f81c35370fab312b476051/homes/veritas_manjaro/nixGL.nix#L42