From 119c0ab771a44375618c0f1600c090dc26aeb30f Mon Sep 17 00:00:00 2001
From: Fabian Montero
Date: Mon, 2 Dec 2024 19:25:34 -0600
Subject: [PATCH] modularize users and other stuff
---
 sys/modules/default.nix | 1 +
 sys/modules/users.nix | 75 +++++++++++++++++++
 sys/platforms/posixlycorrect/default.nix | 46 +++++-------
 .../posixlycorrect/hardware-configuration.nix | 3 +-
 sys/platforms/vps/default.nix | 35 ++-------
 sys/platforms/vps/hardware-configuration.nix | 23 ++++++
 6 files changed, 128 insertions(+), 55 deletions(-)
 create mode 100644 sys/modules/users.nix
 create mode 100644 sys/platforms/vps/hardware-configuration.nix
diff --git a/sys/modules/default.nix b/sys/modules/default.nix
index 512b392..0696df5 100644
--- a/sys/modules/default.nix
+++ b/sys/modules/default.nix
@@ -11,5 +11,6 @@
 ./graphics.nix
 ./virtualisation.nix
 ./android.nix
+ ./users.nix
 ];
 }
diff --git a/sys/modules/users.nix b/sys/modules/users.nix
new file mode 100644
index 0000000..1e90b41
--- /dev/null
+++ b/sys/modules/users.nix
@@ -0,0 +1,75 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.local.sys.users;
+ userType = types.submodule {
+ options = {
+ enable = mkEnableOption "user settings";
+ unixId = mkOption {
+ # gid and uid are always the same
+ type = types.int;
+ };
+ admin = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ sshKeyPublicFile = mkOption {
+ type = types.listOf types.path;
+ default = [];
+ };
+ };
+ };
+in {
+ options.local.sys.users = mkOption {
+ type = types.attrsOf userType;
+ default = {};
+ };
+
+ config = {
+ local.sys.users = {
+ fabian = {
+ unixId = mkDefault 1000;
+ admin = true;
+ };
+ vanessa = {
+ unixId = mkDefault 1001;
+ admin = false;
+ };
+ soto = {
+ unixId = mkDefault 1010;
+ admin = false;
+ };
+ diaz = {
+ unixId = mkDefault 1011;
+ admin = false;
+ };
+ };
+
+ users = let
+ enabledUsers = filterAttrs (k: v: v.enable) cfg;
+ in {
+ groups =
+ mapAttrs (k: v: {
+ gid = v.unixId;
+ })
+ enabledUsers;
+
+ users =
+ mapAttrs (k: v: {
+ isNormalUser = true;
+ uid = v.unixId;
+ group = k;
+ shell = pkgs.zsh;
+ extraGroups =
+ ["users" "networkmanager"]
+ ++ optionals (v.admin) ["wheel" "libvirtd" "dialout"];
+ openssh.authorizedKeys.keyFiles = v.sshKeyPublicFile;
+ })
+ enabledUsers;
+ };
+ };
+}
diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix
index b2182a3..8abceaf 100644
--- a/sys/platforms/posixlycorrect/default.nix
+++ b/sys/platforms/posixlycorrect/default.nix
@@ -1,14 +1,13 @@ -# Edet this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, lib, + flakes, ... }: { imports = [ - # Include the results of the hardware scan. + flakes.home-manager.nixosModules.home-manager + flakes.impermanence.nixosModule ./hardware-configuration.nix ];
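Review bot: Every enabled account is added to `networkmanager` regardless of `admin`, in the `extraGroups` expression inside the `users` mapAttrs, so a non-admin user such as `vanessa` can manage network connections on any host that enables her. If that is not intended, keep the group with the privileged set: `["users"] ++ optionals v.admin ["wheel" "networkmanager" "libvirtd" "dialout"];`. The `admin` option is the switch that grants `wheel` and `libvirtd` yet carries no `description`; I would add `description = "Adds the user to wheel, libvirtd and dialout.";`. `fabian.admin = true;` is also set at normal priority while `unixId` uses `mkDefault`, so a host that wants to lower it needs `mkForce`; `admin = mkDefault true;` would keep the two consistent.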
@@ -20,6 +19,22 @@ graphics.enable = true; virtualisation.enable = true; androidSupport.enable = true; + users = { + fabian = { + enable = true; + unixId = 1002; + }; + vanessa.enable = true; + }; + }; + + networking = { + hostName = "posixlycorrect"; + networkmanager.enable = true; + + useDHCP = false; # The global useDHCP flag is deprecated, therefore explicitly set to false here. + interfaces.enp7s0.useDHCP = true; # Per-interface useDHCP will be mandatory in the future, so this generated config + interfaces.wlp6s0.useDHCP = true; # replicates the default behaviour. }; boot = {
@@ -31,31 +46,8 @@ kernelPackages = pkgs.linuxPackages_latest; }; - networking = { - hostName = "posixlycorrect"; - networkmanager.enable = true; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. - useDHCP = false; - interfaces.enp7s0.useDHCP = true; - interfaces.wlp6s0.useDHCP = true; - }; - # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - users = { - users.fabian = { - isNormalUser = true; - uid = 1002; # nunca cambiar mi ID de usuario - group = "fabian"; - shell = pkgs.zsh; - extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"]; - }; - groups.fabian.gid = 1002; - }; - time.timeZone = "America/Costa_Rica"; }
diff --git a/sys/platforms/posixlycorrect/hardware-configuration.nix b/sys/platforms/posixlycorrect/hardware-configuration.nix
index a9feac6..168c7c6 100644
--- a/sys/platforms/posixlycorrect/hardware-configuration.nix
+++ b/sys/platforms/posixlycorrect/hardware-configuration.nix
@@ -2,6 +2,7 @@
 config,
 lib,
 pkgs,
+ flakes,
 modulesPath,
 ...
 }: let
@@ -12,7 +13,7 @@ }; in { imports = [ - (modulesPath + "/installer/scan/not-detected.nix") + flakes.nixpkgs.nixosModules.notDetected ]; boot.initrd = {
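Review bot: `vanessa.enable = true;` creates a second login account on this host that the `users` block removed further down in this file did not define, which goes beyond the modularization the subject line describes. With the shared module as written she gets uid 1001 and membership of `users` and `networkmanager`, and no password or key is declared in the visible lines, so it is worth confirming that the account is wanted here and how it is meant to authenticate. The warning on the old `uid = 1002; # nunca cambiar mi ID de usuario` line was also lost in the move; I would carry it over onto the override as `unixId = 1002; # never change my user ID on this host`.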
diff --git a/sys/platforms/vps/default.nix b/sys/platforms/vps/default.nix
index bc4d279..2882423 100644
--- a/sys/platforms/vps/default.nix
+++ b/sys/platforms/vps/default.nix
@@ -1,8 +1,9 @@
 {
 config,
- pkgs,
 lib,
+ pkgs,
 flakes,
+ modulesPath,
 ...
 }:
 with lib; {
@@ -10,27 +11,21 @@ with lib; { flakes.vpsadminos.nixosConfigurations.container flakes.home-manager.nixosModules.home-manager flakes.impermanence.nixosModule + ./hardware-configuration.nix ./srv ]; local.sys = { baseline.enable = true; + + users.fabian = { + enable = true; + sshKeyPublicFile = [ public_files/pki/fabian.ssh ]; + }; }; networking.hostName = "vps"; - users = { - users.fabian = { - isNormalUser = true; - uid = 1000; - group = "fabian"; - shell = pkgs.zsh; - extraGroups = ["users" "wheel" "networkmanager" "dialout" "libvirtd"]; - openssh.authorizedKeys.keyFiles = [public_files/pki/fabian.ssh]; - }; - groups.fabian.gid = 1000; - }; - services.openssh = { settings.PasswordAuthentication = false; };
@@ -54,19 +49,5 @@ with lib; { DefaultTimeoutStartSec=900s ''; - fileSystems = { - "/mnt/export2008" = { - device = "172.16.129.19:/nas/5876"; - fsType = "nfs"; - options = ["nofail" "noatime"]; - }; - - "/mnt/export2011" = { - device = "172.16.129.151:/nas/5876/bepasty"; - fsType = "nfs"; - options = ["nofail" "noatime" "noexec"]; - }; - }; - time.timeZone = "Europe/Amsterdam"; }
diff --git a/sys/platforms/vps/hardware-configuration.nix b/sys/platforms/vps/hardware-configuration.nix
new file mode 100644
index 0000000..431b227
--- /dev/null
+++ b/sys/platforms/vps/hardware-configuration.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ pkgs,
+ flakes,
+ modulesPath,
+ ...
+}: let
+in {
+ fileSystems = {
+ "/mnt/export2008" = {
+ device = "172.16.129.19:/nas/5876";
+ fsType = "nfs";
+ options = ["nofail" "noatime"];
+ };
+
+ "/mnt/export2011" = {
+ device = "172.16.129.151:/nas/5876/bepasty";
+ fsType = "nfs";
+ options = ["nofail" "noatime" "noexec"];
+ };
+ };
+}
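Review bot: The new `users.fabian` entry in the `@@ -10,27 +11,21 @@` hunk no longer shows that the account is a `wheel` member; that now comes only from `admin = true` in `sys/modules/users.nix`. On a host that accepts SSH key logins for this account I would state the privilege at the point of use, `admin = true;` next to `enable = true;`, so a later change to the shared default cannot silently change group membership on the VPS. The module still adds `networkmanager`, `libvirtd` and `dialout`, as the removed block did; whether this host needs them is worth a look while the block is being moved.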
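Review bot: Neither NFS mount in the new `hardware-configuration.nix` sets `nosuid` or `nodev`, and `/mnt/export2008` also lacks the `noexec` that `/mnt/export2011` has, so setuid binaries or device nodes present on the export would be honoured on this host. The block is moved unchanged from `default.nix`, but since it is being touched I would tighten it to `options = ["nofail" "noatime" "nosuid" "nodev"];` for export2008 and `options = ["nofail" "noatime" "noexec" "nosuid" "nodev"];` for export2011, adding `noexec` to the first as well if nothing is executed from it. The empty `let in` and the unused `config`, `lib`, `pkgs`, `flakes` and `modulesPath` arguments can be dropped.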