authorFranck Cuny <franck@fcuny.net>2025-12-13 15:19:21 -0800
committerFranck Cuny <franck@fcuny.net>2025-12-13 15:19:21 -0800
commit771039f64d44a60f9691582fe559e26b431bbbe8 (patch)
tree1f980dd57b0f3256825f04f101c81ae458a4b424
parentupdate builders configuration (diff)
downloadinfra-771039f64d44a60f9691582fe559e26b431bbbe8.tar.gz
remove abstractions for managing users
Diffstat (limited to '')
-rw-r--r--flake/hosts.nix19
-rw-r--r--machines/darwin/aarch64-darwin/HQ-KWNY2VH41P.nix25
-rw-r--r--machines/darwin/aarch64-darwin/mba-m2.nix29
-rw-r--r--machines/nixos/x86_64-linux/argonath.nix13
-rw-r--r--machines/nixos/x86_64-linux/bree.nix22
-rw-r--r--machines/nixos/x86_64-linux/iso.nix17
-rw-r--r--machines/nixos/x86_64-linux/rivendell.nix37
-rw-r--r--modules/default-darwin.nix1
-rw-r--r--modules/default.nix3
-rw-r--r--modules/home-manager.nix12
-rw-r--r--modules/host-config.nix15
-rw-r--r--modules/user.nix24
-rw-r--r--profiles/darwin.nix11
-rw-r--r--profiles/defaults.nix2
-rw-r--r--profiles/home-manager.nix2
-rw-r--r--profiles/users/builder.nix15
-rw-r--r--profiles/users/fcuny.nix24
17 files changed, 99 insertions, 172 deletions
diff --git a/flake/hosts.nix b/flake/hosts.nix
index 2a3f062..88be6dc 100644
--- a/flake/hosts.nix
+++ b/flake/hosts.nix
@@ -85,13 +85,6 @@ let
name: conf:
let
inherit (conf) system hostconf;
- adminUser = {
- name = "fcuny";
- userinfo = {
- email = "franck@fcuny.net";
- fullName = "Franck Cuny";
- };
- };
in
{
inherit name;
@@ -101,12 +94,10 @@ let
inherit system;
specialArgs = {
hostName = name;
- inherit adminUser;
inherit self;
inherit inputs;
};
modules = [
- { inherit adminUser; }
{
nixpkgs.pkgs = pkgs;
nixpkgs.hostPlatform = system;
@@ -129,14 +120,6 @@ let
name: conf:
let
inherit (conf) system hostconf;
- adminUser = {
- name = "fcuny";
- uid = 1000;
- userinfo = {
- email = "franck@fcuny.net";
- fullName = "Franck Cuny";
- };
- };
in
{
inherit name;
@@ -146,7 +129,6 @@ let
inherit system;
specialArgs = {
hostName = name;
- inherit adminUser;
inherit self;
hostConfigurations = mapAttrs' (name: conf: {
inherit name;
@@ -155,7 +137,6 @@ let
inherit inputs;
};
modules = [
- { inherit adminUser; }
{
system.configurationRevision = mkIf (self ? rev) self.rev;
system.nixos.versionSuffix = mkForce "git.${substring 0 11 inputs.nixpkgs.rev}";
diff --git a/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P.nix b/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P.nix
index 3207d2f..52dc522 100644
--- a/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P.nix
+++ b/machines/darwin/aarch64-darwin/HQ-KWNY2VH41P.nix
@@ -1,19 +1,13 @@
-{
- adminUser,
- pkgs,
- ...
-}:
+{ pkgs, ... }:
{
imports = [
../../../profiles/darwin.nix
../../../profiles/home-manager.nix
];
- users = {
- users.${adminUser.name} = {
- home = "/Users/${adminUser.name}";
- shell = pkgs.fish;
- };
+ users.users.fcuny = {
+ home = "/Users/fcuny";
+ shell = pkgs.fish;
};
environment.shells = [ pkgs.fish ];
@@ -27,14 +21,17 @@
# End Nix
'';
- home-manager.users.${adminUser.name} = {
+ home-manager.users.fcuny = {
home.stateVersion = "23.05";
- home.username = "${adminUser.name}";
- home.homeDirectory = "/Users/${adminUser.name}";
+ home.username = "fcuny";
+ home.homeDirectory = "/Users/fcuny";
imports = [
../../../home/profiles/mac.nix
../../../home/profiles/work.nix
];
- inherit (adminUser) userinfo;
+ userinfo = {
+ email = "fcuny@roblox.com";
+ fullName = "Franck Cuny";
+ };
};
}
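Review bot: The inlined `userinfo` block in this hunk sets `email = "fcuny@roblox.com"`, while the removed `inherit (adminUser) userinfo;` resolved to the `franck@fcuny.net` value deleted from flake/hosts.nix. That is a behaviour change inside a commit described as removing abstractions. If it is intentional for this host, say so in the commit message or with a comment above the block such as `# work identity on this machine, differs from the personal hosts`. If home-manager feeds this value into commit authorship or signing configuration (not visible here), the change affects which identity is attached to work done on this host.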
diff --git a/machines/darwin/aarch64-darwin/mba-m2.nix b/machines/darwin/aarch64-darwin/mba-m2.nix
index df56e99..08a27c1 100644
--- a/machines/darwin/aarch64-darwin/mba-m2.nix
+++ b/machines/darwin/aarch64-darwin/mba-m2.nix
@@ -1,11 +1,7 @@
-{ adminUser, pkgs, ... }:
+{ pkgs, ... }:
{
- age = {
- secrets = {
- ssh-remote-builder = {
- file = ../../../secrets/ssh-remote-builder.age;
- };
- };
+ age.secrets = {
+ ssh-remote-builder.file = ../../../secrets/ssh-remote-builder.age;
};
imports = [
@@ -19,11 +15,9 @@
networking.hostName = "mba-m2";
- users = {
- users.${adminUser.name} = {
- home = "/Users/${adminUser.name}";
- shell = pkgs.fish;
- };
+ users.users.fcuny = {
+ home = "/Users/fcuny";
+ shell = pkgs.fish;
};
environment.shells = [ pkgs.fish ];
@@ -37,10 +31,10 @@
# End Nix
'';
- home-manager.users.${adminUser.name} = {
+ home-manager.users.fcuny = {
home.stateVersion = "23.05";
- home.username = "${adminUser.name}";
- home.homeDirectory = "/Users/${adminUser.name}";
+ home.username = "fcuny";
+ home.homeDirectory = "/Users/fcuny";
home.packages = with pkgs; [
element-desktop
hledger
@@ -50,6 +44,9 @@
../../../home/profiles/media.nix
../../../home/profiles/security.nix
];
- inherit (adminUser) userinfo;
+ userinfo = {
+ email = "franck@fcuny.net";
+ fullName = "Franck Cuny";
+ };
};
}
diff --git a/machines/nixos/x86_64-linux/argonath.nix b/machines/nixos/x86_64-linux/argonath.nix
index 4b72ca9..3dda772 100644
--- a/machines/nixos/x86_64-linux/argonath.nix
+++ b/machines/nixos/x86_64-linux/argonath.nix
@@ -1,4 +1,4 @@
-{ adminUser, ... }:
+{ ... }:
{
imports = [
../../../profiles/acme.nix
@@ -10,17 +10,16 @@
../../../profiles/reverse-proxy.nix
../../../profiles/server.nix
../../../profiles/wireguard.nix
+ ../../../profiles/users/fcuny.nix
];
networking.hostName = "argonath";
system.stateVersion = "25.05"; # Did you read the comment?
- home-manager = {
- users.${adminUser.name} = {
- imports = [
- ../../../home/profiles/minimal.nix
- ];
- };
+ home-manager.users.fcuny = {
+ imports = [
+ ../../../home/profiles/minimal.nix
+ ];
};
}
diff --git a/machines/nixos/x86_64-linux/bree.nix b/machines/nixos/x86_64-linux/bree.nix
index f91bf4f..9c9177d 100644
--- a/machines/nixos/x86_64-linux/bree.nix
+++ b/machines/nixos/x86_64-linux/bree.nix
@@ -1,9 +1,4 @@
-{
- lib,
- adminUser,
- config,
- ...
-}:
+{ lib, config, ... }:
{
imports = [
../../../profiles/cgroups.nix
@@ -12,6 +7,7 @@
../../../profiles/hardware/synology-vm.nix
../../../profiles/home-manager.nix
../../../profiles/server.nix
+ ../../../profiles/users/fcuny.nix
../../../profiles/wireguard.nix
];
@@ -19,14 +15,6 @@
networking.useDHCP = lib.mkDefault true;
systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
- home-manager = {
- users.${adminUser.name} = {
- imports = [
- ../../../home/profiles/minimal.nix
- ];
- };
- };
-
age.secrets.disk-unlock-key.file = ../../../secrets/bree/disk-unlock-key.age;
age.secrets.disk-passphrase.file = ../../../secrets/bree/disk-passphrase.age;
@@ -40,4 +28,10 @@
};
system.stateVersion = "23.11"; # Did you read the comment?
+
+ home-manager.users.fcuny = {
+ imports = [
+ ../../../home/profiles/minimal.nix
+ ];
+ };
}
diff --git a/machines/nixos/x86_64-linux/iso.nix b/machines/nixos/x86_64-linux/iso.nix
index 89acbf7..c2ecd74 100644
--- a/machines/nixos/x86_64-linux/iso.nix
+++ b/machines/nixos/x86_64-linux/iso.nix
@@ -1,23 +1,22 @@
-{ adminUser, modulesPath, ... }:
+{ modulesPath, ... }:
{
# run `nix build .#nixosConfigurations.iso.config.system.build.isoImage` to build the image
imports = [
"${modulesPath}/installer/cd-dvd/channel.nix"
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
../../../profiles/home-manager.nix
+ ../../../profiles/users/fcuny.nix
];
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.device = "nodev";
- home-manager = {
- users.${adminUser.name} = {
- imports = [
- ../../../home/profiles/minimal.nix
- ];
- };
- };
-
system.stateVersion = "25.05"; # Did you read the comment?
+
+ home-manager.users.fcuny = {
+ imports = [
+ ../../../home/profiles/minimal.nix
+ ];
+ };
}
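Review bot: The newly imported `../../../profiles/users/fcuny.nix` sets `shell = pkgs.fish`, but `programs.fish.enable = true;` no longer travels with the user definition. It used to sit next to it in the deleted modules/user.nix and now lives in profiles/defaults.nix, which this file's import list does not show. If defaults.nix is not pulled in for the ISO some other way (not visible from this hunk), NixOS's shell check is likely to fail evaluation for this host. Keeping `programs.fish.enable = true;` inside profiles/users/fcuny.nix would make the profile self-contained. It is also worth confirming that baking this account (password hash, authorized key, `wheel`) into a distributable installer image is intended.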
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index f106f83..0bd799c 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -1,9 +1,4 @@
-{
- lib,
- config,
- adminUser,
- ...
-}:
+{ lib, config, ... }:
{
imports = [
../../../profiles/authelia.nix
@@ -18,6 +13,8 @@
../../../profiles/remote-unlock.nix
../../../profiles/restic-backup.nix
../../../profiles/server.nix
+ ../../../profiles/users/builder.nix
+ ../../../profiles/users/fcuny.nix
../../../profiles/wireguard.nix
];
@@ -26,19 +23,6 @@
networking.useDHCP = lib.mkDefault true;
systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
- users.users.builder = {
- openssh.authorizedKeys.keys = [
- # my personal key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- # remote builder ssh key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
- ];
- isNormalUser = true;
- group = "nogroup";
- };
-
- nix.settings.trusted-users = [ "builder" ];
-
services.website = {
enable = true;
openFirewall = true;
@@ -84,14 +68,11 @@
openFirewall = true;
};
- home-manager = {
- users.${adminUser.name} = {
- imports = [
- ../../../home/profiles/minimal.nix
- ];
- inherit (adminUser) userinfo;
- };
- };
-
system.stateVersion = "23.11"; # Did you read the comment?
+
+ home-manager.users.fcuny = {
+ imports = [
+ ../../../home/profiles/minimal.nix
+ ];
+ };
}
diff --git a/modules/default-darwin.nix b/modules/default-darwin.nix
index bf8c660..4b4daaa 100644
--- a/modules/default-darwin.nix
+++ b/modules/default-darwin.nix
@@ -1,7 +1,6 @@
{ ... }:
{
imports = [
- ./host-config.nix
./ssh.nix
];
}
diff --git a/modules/default.nix b/modules/default.nix
index f936646..257c72e 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,10 +1,7 @@
{ ... }:
{
imports = [
- ./home-manager.nix
- ./host-config.nix
./remote-unlock.nix
./ssh.nix
- ./user.nix
];
}
diff --git a/modules/home-manager.nix b/modules/home-manager.nix
deleted file mode 100644
index 7a9ae43..0000000
--- a/modules/home-manager.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- adminUser,
- ...
-}:
-{
- home-manager = {
- users.${adminUser.name} = {
- home.username = "${adminUser.name}";
- inherit (adminUser) userinfo;
- };
- };
-}
diff --git a/modules/host-config.nix b/modules/host-config.nix
deleted file mode 100644
index b10d85f..0000000
--- a/modules/host-config.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ lib, ... }:
-let
- inherit (lib) mkOption;
- inherit (lib.types)
- attrs
- ;
-in
-{
- options = {
- adminUser = mkOption {
- type = attrs;
- default = { };
- };
- };
-}
diff --git a/modules/user.nix b/modules/user.nix
deleted file mode 100644
index 8a9dafb..0000000
--- a/modules/user.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- adminUser,
- pkgs,
- ...
-}:
-{
- nix.settings.trusted-users = [ adminUser.name ];
- users = {
- users.${adminUser.name} = {
- inherit (adminUser) uid;
- shell = pkgs.fish;
- isNormalUser = true;
- hashedPassword = "$6$Llw8m62nKMLLN9mm$3.a4CKUFlqwkG8vjBryLlBNwTwgH63vpg2nhYwRoQzG76Q91vTXnlYDujS4G5yGrWoatkKZx5epCx4/NAvRh2/";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- ];
- extraGroups = [
- "wheel"
- ];
- };
- };
-
- programs.fish.enable = true;
-}
diff --git a/profiles/darwin.nix b/profiles/darwin.nix
index 736578c..8b260f5 100644
--- a/profiles/darwin.nix
+++ b/profiles/darwin.nix
@@ -1,9 +1,4 @@
-{
- lib,
- pkgs,
- adminUser,
- ...
-}:
+{ lib, pkgs, ... }:
{
fonts.packages = with pkgs; [
source-code-pro
@@ -45,7 +40,7 @@
# Touch ID for sudo auth
security.pam.services.sudo_local.touchIdAuth = true;
- system.primaryUser = adminUser.name;
+ system.primaryUser = "fcuny";
nix = {
extraOptions = ''
@@ -73,7 +68,7 @@
];
trusted-users = [
"@admin"
- adminUser.name
+ "fcuny"
];
experimental-features = lib.mkDefault [
"nix-command"
diff --git a/profiles/defaults.nix b/profiles/defaults.nix
index 8396599..d98daa0 100644
--- a/profiles/defaults.nix
+++ b/profiles/defaults.nix
@@ -116,6 +116,8 @@
security.sudo.wheelNeedsPassword = false;
+ programs.fish.enable = true;
+
environment.systemPackages = with pkgs; [
bottom
curl
diff --git a/profiles/home-manager.nix b/profiles/home-manager.nix
index e2204ac..47919a9 100644
--- a/profiles/home-manager.nix
+++ b/profiles/home-manager.nix
@@ -3,7 +3,6 @@
hostName,
inputs,
config,
- adminUser,
...
}:
{
@@ -12,7 +11,6 @@
self
hostName
inputs
- adminUser
;
}
// {
diff --git a/profiles/users/builder.nix b/profiles/users/builder.nix
new file mode 100644
index 0000000..32f318f
--- /dev/null
+++ b/profiles/users/builder.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+ nix.settings.trusted-users = [ "builder" ];
+
+ users.users.builder = {
+ openssh.authorizedKeys.keys = [
+ # my personal key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ # remote builder ssh key
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
+ ];
+ isNormalUser = true;
+ group = "nogroup";
+ };
+}
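Review bot: `nix.settings.trusted-users = [ "builder" ];` now applies to every host that imports this profile, and the file does not document what that grants. Membership in `trusted-users` is effectively root-equivalent on the Nix daemon, so both SSH keys listed under `users.users.builder` carry that privilege, including the personal key that is also authorized for `fcuny`. Add a comment above the setting, for example `# trusted-users is root-equivalent on the Nix daemon; keep the key list below minimal`. Consider whether the personal key needs to be on this account at all. If the builder only needs to accept store paths, signed paths with `nix.settings.trusted-public-keys` may remove the need to trust the account; that depends on how the remote build is driven, which is not visible here.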
diff --git a/profiles/users/fcuny.nix b/profiles/users/fcuny.nix
new file mode 100644
index 0000000..1a2b490
--- /dev/null
+++ b/profiles/users/fcuny.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+{
+ nix.settings.trusted-users = [ "fcuny" ];
+ users.users.fcuny = {
+ uid = 1000;
+ shell = pkgs.fish;
+ isNormalUser = true;
+ hashedPassword = "$6$Llw8m62nKMLLN9mm$3.a4CKUFlqwkG8vjBryLlBNwTwgH63vpg2nhYwRoQzG76Q91vTXnlYDujS4G5yGrWoatkKZx5epCx4/NAvRh2/";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+ extraGroups = [
+ "wheel"
+ ];
+ };
+
+ home-manager.users.fcuny = {
+ home.username = "fcuny";
+ userinfo = {
+ email = "franck@fcuny.net";
+ fullName = "Franck Cuny";
+ };
+ };
+}
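Review bot: The `hashedPassword` literal in `users.users.fcuny` is carried over verbatim into the new file, so the SHA-512 crypt hash stays in the repository and ends up in the world-readable Nix store of every host that imports this profile. The repository already uses agenix secrets (see `age.secrets` in mba-m2.nix), so the hash could move there and be referenced with `hashedPasswordFile = config.age.secrets.<fcuny-password-secret-placeholder>.path;`, with `config` added to the module arguments. Because the hash is already in history, the password should be rotated when it moves. The account is also in `wheel` and in `nix.settings.trusted-users`, and the context line in profiles/defaults.nix shows `security.sudo.wheelNeedsPassword = false;`, so on hosts with both profiles a session on this account is root-equivalent without the password. A short comment stating that this is deliberate would help the next reader.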