modularize users

and other stuff

sys/modules/default.nix

@@ -11,5 +11,6 @@
     ./graphics.nix
     ./virtualisation.nix
     ./android.nix
+    ./users.nix
   ];
 }

sys/modules/users.nix

@@ -0,0 +1,75 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.local.sys.users;
+  userType = types.submodule {
+    options = {
+      enable = mkEnableOption "user settings";
+      unixId = mkOption {
+        # gid and uid are always the same
+        type = types.int;
+      };
+      admin = mkOption {
+        type = types.bool;
+        default = false;
+      };
+      sshKeyPublicFile = mkOption {
+        type = types.listOf types.path;
+        default = [];
+      };
+    };
+  };
+in {
+  options.local.sys.users = mkOption {
+    type = types.attrsOf userType;
+    default = {};
+  };
+
+  config = {
+    local.sys.users = {
+      fabian = {
+        unixId = mkDefault 1000;
+        admin = true;
+      };
+      vanessa = {
+        unixId = mkDefault 1001;
+        admin = false;
+      };
+      soto = {
+        unixId = mkDefault 1010;
+        admin = false;
+      };
+      diaz = {
+        unixId = mkDefault 1011;
+        admin = false;
+      };
+    };
+
+    users = let
+      enabledUsers = filterAttrs (k: v: v.enable) cfg;
+    in {
+      groups =
+        mapAttrs (k: v: {
+          gid = v.unixId;
+        })
+        enabledUsers;
+
+      users =
+        mapAttrs (k: v: {
+          isNormalUser = true;
+          uid = v.unixId;
+          group = k;
+          shell = pkgs.zsh;
+          extraGroups =
+            ["users" "networkmanager"]
+            ++ optionals (v.admin) ["wheel" "libvirtd" "dialout"];
+          openssh.authorizedKeys.keyFiles = v.sshKeyPublicFile;
+        })
+        enabledUsers;
+    };
+  };
+}

sys/platforms/posixlycorrect/default.nix

@@ -1,14 +1,13 @@
-# Edet this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
 {
   config,
   pkgs,
   lib,
+  flakes,
   ...
 }: {
   imports = [
-    # Include the results of the hardware scan.
+    flakes.home-manager.nixosModules.home-manager
+    flakes.impermanence.nixosModule
     ./hardware-configuration.nix
   ];
 
@@ -20,6 +19,22 @@
     graphics.enable = true;
     virtualisation.enable = true;
     androidSupport.enable = true;
+    users = {
+      fabian = {
+        enable = true;
+        unixId = 1002;
+      };
+      vanessa.enable = true;
+    };
+  };
+
+  networking = {
+    hostName = "posixlycorrect";
+    networkmanager.enable = true;
+
+    useDHCP = false;                    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+    interfaces.enp7s0.useDHCP = true;   # Per-interface useDHCP will be mandatory in the future, so this generated config
+    interfaces.wlp6s0.useDHCP = true;   # replicates the default behaviour.
   };
 
   boot = {
@@ -31,31 +46,8 @@
     kernelPackages = pkgs.linuxPackages_latest;
   };
 
-  networking = {
-    hostName = "posixlycorrect";
-    networkmanager.enable = true;
-
-    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-    # Per-interface useDHCP will be mandatory in the future, so this generated config
-    # replicates the default behaviour.
-    useDHCP = false;
-    interfaces.enp7s0.useDHCP = true;
-    interfaces.wlp6s0.useDHCP = true;
-  };
-
   # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
 
-  users = {
-    users.fabian = {
-      isNormalUser = true;
-      uid = 1002; # nunca cambiar mi ID de usuario
-      group = "fabian";
-      shell = pkgs.zsh;
-      extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"];
-    };
-    groups.fabian.gid = 1002;
-  };
-
   time.timeZone = "America/Costa_Rica";
 }

sys/platforms/posixlycorrect/hardware-configuration.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  flakes,
   modulesPath,
   ...
 }: let
@@ -12,7 +13,7 @@
   };
 in {
   imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
+    flakes.nixpkgs.nixosModules.notDetected
   ];
 
   boot.initrd = {

sys/platforms/vps/default.nix

@@ -1,8 +1,9 @@
 {
   config,
-  pkgs,
   lib,
+  pkgs,
   flakes,
+  modulesPath,
   ...
 }:
 with lib; {
@@ -10,27 +11,21 @@ with lib; {
     flakes.vpsadminos.nixosConfigurations.container
     flakes.home-manager.nixosModules.home-manager
     flakes.impermanence.nixosModule
+    ./hardware-configuration.nix
     ./srv
   ];
 
   local.sys = {
     baseline.enable = true;
+
+    users.fabian = {
+      enable = true;
+      sshKeyPublicFile = [ public_files/pki/fabian.ssh ];
+    };
   };
 
   networking.hostName = "vps";
 
-  users = {
-    users.fabian = {
-      isNormalUser = true;
-      uid = 1000;
-      group = "fabian";
-      shell = pkgs.zsh;
-      extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"];
-      openssh.authorizedKeys.keyFiles = [public_files/pki/fabian.ssh];
-    };
-    groups.fabian.gid = 1000;
-  };
-
   services.openssh = {
     settings.PasswordAuthentication = false;
   };
@@ -54,19 +49,5 @@ with lib; {
     DefaultTimeoutStartSec=900s
   '';
 
-  fileSystems = {
-    "/mnt/export2008" = {
-      device = "172.16.129.19:/nas/5876";
-      fsType = "nfs";
-      options = ["nofail" "noatime"];
-    };
-
-    "/mnt/export2011" = {
-      device = "172.16.129.151:/nas/5876/bepasty";
-      fsType = "nfs";
-      options = ["nofail" "noatime" "noexec"];
-    };
-  };
-
   time.timeZone = "Europe/Amsterdam";
 }

sys/platforms/vps/hardware-configuration.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  pkgs,
+  flakes,
+  modulesPath,
+  ...
+}: let
+in {
+  fileSystems = {
+    "/mnt/export2008" = {
+      device = "172.16.129.19:/nas/5876";
+      fsType = "nfs";
+      options = ["nofail" "noatime"];
+    };
+
+    "/mnt/export2011" = {
+      device = "172.16.129.151:/nas/5876/bepasty";
+      fsType = "nfs";
+      options = ["nofail" "noatime" "noexec"];
+    };
+  };
+}