authorFranck Cuny <franck@fcuny.net>2025-12-30 19:02:53 -0800
committerFranck Cuny <franck@fcuny.net>2025-12-30 19:02:53 -0800
commitdacf64ca7fd6d6d2cf927c709a74cb7adc8e6236 (patch)
treeb57889c0d611f11bdecba29c7a777c6100ba92df
parentinclude relevant programs in work profile (diff)
downloadinfra-dacf64ca7fd6d6d2cf927c709a74cb7adc8e6236.tar.gz
add back some abstractions related to user management
Diffstat (limited to '')
-rw-r--r--flake.nix22
-rw-r--r--home/profiles/work.nix2
-rw-r--r--machines/argonath.nix7
-rw-r--r--machines/bree.nix12
-rw-r--r--machines/iso.nix7
-rw-r--r--machines/mba-personal.nix16
-rw-r--r--machines/mbp-work.nix16
-rw-r--r--machines/rivendell.nix14
-rw-r--r--modules/default-darwin.nix1
-rw-r--r--modules/default.nix1
-rw-r--r--modules/host-config.nix9
-rw-r--r--profiles/darwin.nix11
-rw-r--r--profiles/home-manager.nix2
-rw-r--r--profiles/makemkv.nix4
-rw-r--r--profiles/users/admin-user.nix (renamed from profiles/users/fcuny.nix)22
-rw-r--r--profiles/users/home-manager.nix7
16 files changed, 103 insertions, 50 deletions
diff --git a/flake.nix b/flake.nix
index 6bda8cf..595783d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -94,6 +94,15 @@
};
};
+ adminUser = {
+ name = "fcuny";
+ uid = 1000;
+ userinfo = {
+ email = "franck@fcuny.net";
+ fullName = "Franck Cuny";
+ };
+ };
+
defaultModules = [
nixSettings
agenix.nixosModules.age
@@ -137,6 +146,13 @@
HQ-KWNY2VH41P = {
system = "aarch64-darwin";
config = ./machines/mbp-work.nix;
+ adminUser = {
+ name = "fcuny";
+ userinfo = {
+ email = "fcuny@roblox.com";
+ fullName = "Franck Cuny";
+ };
+ };
};
};
};
@@ -145,15 +161,18 @@
name: machine:
let
pkgs = pkgsFor machine.system;
+ machineAdminUser = machine.adminUser or adminUser;
in
nixpkgs.lib.nixosSystem {
inherit (machine) system;
specialArgs = {
hostName = name;
+ adminUser = machineAdminUser;
inherit self inputs;
hostConfigurations = nixpkgs.lib.mapAttrs (_: conf: conf.config) nixosConfigurations;
};
modules = [
+ { adminUser = machineAdminUser; }
{
system.configurationRevision = self.rev or self.dirtyRev or null;
system.nixos.versionSuffix = nixpkgs.lib.mkForce "git.${builtins.substring 0 11 nixpkgs.rev}";
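Review bot: `machine.adminUser or adminUser` swaps in the per-machine set wholesale, so a host override has to repeat every field the modules read. The HQ-KWNY2VH41P override added earlier in this file has no `uid`, so a module doing `inherit (adminUser) uid` (as profiles/users/admin-user.nix does) would fail to evaluate if it were ever imported on that host. Merging onto the default keeps overrides minimal: `machineAdminUser = adminUser // (machine.adminUser or { });`. The same line appears in the darwinSystem hunk below. `//` is shallow, so an override of `userinfo` still has to supply both `email` and `fullName`.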
@@ -173,14 +192,17 @@
name: machine:
let
pkgs = pkgsFor machine.system;
+ machineAdminUser = machine.adminUser or adminUser;
in
darwin.lib.darwinSystem {
inherit (machine) system;
specialArgs = {
hostName = name;
+ adminUser = machineAdminUser;
inherit self inputs;
};
modules = [
+ { adminUser = machineAdminUser; }
{
nixpkgs.pkgs = pkgs;
nixpkgs.hostPlatform = machine.system;
diff --git a/home/profiles/work.nix b/home/profiles/work.nix
index c00dc71..7b9e138 100644
--- a/home/profiles/work.nix
+++ b/home/profiles/work.nix
@@ -54,7 +54,7 @@
builtins.concatMap (env: [
{
name = "ssh-sign-${env.alias}";
- value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/${env.alias}-cert.pub --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
+ value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=${config.home.homeDirectory}/.ssh/${env.alias}-cert.pub --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
}
{
name = "hashi-${env.alias}";
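Review bot: The new `${config.home.homeDirectory}` is interpolated into the alias command without quoting, so a home directory containing a space or shell metacharacter would split the `--output-path` argument. Quoting the path inside the string, e.g. `--output-path='${config.home.homeDirectory}/.ssh/${env.alias}-cert.pub'`, keeps it a single argument. The module's argument list is outside this hunk, so it is worth confirming that `config` is actually bound there.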
diff --git a/machines/argonath.nix b/machines/argonath.nix
index 29d78ae..0c141dc 100644
--- a/machines/argonath.nix
+++ b/machines/argonath.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ adminUser, ... }:
{
imports = [
../profiles/acme.nix
@@ -11,14 +11,15 @@
../profiles/reverse-proxy.nix
../profiles/server.nix
../profiles/wireguard.nix
- ../profiles/users/fcuny.nix
+ ../profiles/users/home-manager.nix
+ ../profiles/users/admin-user.nix
];
networking.hostName = "argonath";
system.stateVersion = "25.05"; # Did you read the comment?
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
imports = [
../home/profiles/minimal.nix
];
diff --git a/machines/bree.nix b/machines/bree.nix
index d779ce3..a633997 100644
--- a/machines/bree.nix
+++ b/machines/bree.nix
@@ -1,4 +1,9 @@
-{ lib, config, ... }:
+{
+ adminUser,
+ lib,
+ config,
+ ...
+}:
{
imports = [
../profiles/cgroups.nix
@@ -8,7 +13,8 @@
../profiles/hardware/synology-vm.nix
../profiles/home-manager.nix
../profiles/server.nix
- ../profiles/users/fcuny.nix
+ ../profiles/users/admin-user.nix
+ ../profiles/users/home-manager.nix
../profiles/wireguard.nix
];
@@ -30,7 +36,7 @@
system.stateVersion = "23.11"; # Did you read the comment?
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
imports = [
../home/profiles/minimal.nix
];
diff --git a/machines/iso.nix b/machines/iso.nix
index a636508..4d54054 100644
--- a/machines/iso.nix
+++ b/machines/iso.nix
@@ -1,11 +1,12 @@
-{ modulesPath, ... }:
+{ adminUser, modulesPath, ... }:
{
# run `nix build .#nixosConfigurations.iso.config.system.build.isoImage` to build the image
imports = [
"${modulesPath}/installer/cd-dvd/channel.nix"
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
../profiles/home-manager.nix
- ../profiles/users/fcuny.nix
+ ../profiles/users/admin-user.nix
+ ../profiles/users/home-manager.nix
];
boot.loader.grub.efiSupport = true;
@@ -16,7 +17,7 @@
programs.fish.enable = true;
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
imports = [
../home/profiles/minimal.nix
];
diff --git a/machines/mba-personal.nix b/machines/mba-personal.nix
index 0804043..5b0487c 100644
--- a/machines/mba-personal.nix
+++ b/machines/mba-personal.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ adminUser, pkgs, ... }:
{
age.secrets.ssh-remote-builder.file = ../secrets/ssh-remote-builder.age;
@@ -13,22 +13,18 @@
networking.hostName = "mba-m2";
- users.users.fcuny = {
- home = "/Users/fcuny";
+ users.users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
shell = pkgs.fish;
};
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
home.stateVersion = "23.05";
- home.username = "fcuny";
- home.homeDirectory = "/Users/fcuny";
+ home.homeDirectory = "/Users/${adminUser.name}";
imports = [
../home/profiles/darwin.nix
../home/profiles/personal.nix
];
- userinfo = {
- email = "franck@fcuny.net";
- fullName = "Franck Cuny";
- };
+ inherit (adminUser) userinfo;
};
}
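Review bot: This host inlines `inherit (adminUser) userinfo;`, while machines/mbp-work.nix gets the same attribute by importing `../profiles/users/home-manager.nix`. Two ways of wiring one value make it easy for a host to drift. If this file can import that profile (its imports, if any, are outside the hunks shown), the inline `inherit` can go. The path `"/Users/${adminUser.name}"` is also written twice in this hunk; a single `let home = "/Users/${adminUser.name}"; in` binding at the top of the module would keep the two uses in step.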
diff --git a/machines/mbp-work.nix b/machines/mbp-work.nix
index 8050987..b0541ac 100644
--- a/machines/mbp-work.nix
+++ b/machines/mbp-work.nix
@@ -1,26 +1,22 @@
-{ pkgs, ... }:
+{ adminUser, pkgs, ... }:
{
imports = [
../profiles/darwin.nix
../profiles/home-manager.nix
+ ../profiles/users/home-manager.nix
];
- users.users.fcuny = {
- home = "/Users/fcuny";
+ users.users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
shell = pkgs.fish;
};
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
home.stateVersion = "23.05";
- home.username = "fcuny";
- home.homeDirectory = "/Users/fcuny";
+ home.homeDirectory = "/Users/${adminUser.name}";
imports = [
../home/profiles/mac.nix
../home/profiles/work.nix
];
- userinfo = {
- email = "fcuny@roblox.com";
- fullName = "Franck Cuny";
- };
};
}
diff --git a/machines/rivendell.nix b/machines/rivendell.nix
index c295d24..33fe6f8 100644
--- a/machines/rivendell.nix
+++ b/machines/rivendell.nix
@@ -1,4 +1,9 @@
-{ lib, config, ... }:
+{
+ adminUser,
+ lib,
+ config,
+ ...
+}:
{
imports = [
../profiles/authelia.nix
@@ -17,7 +22,8 @@
../profiles/server.nix
../profiles/storage-media.nix
../profiles/users/builder.nix
- ../profiles/users/fcuny.nix
+ ../profiles/users/admin-user.nix
+ ../profiles/users/home-manager.nix
../profiles/wireguard.nix
];
@@ -76,5 +82,7 @@
system.stateVersion = "23.11";
- home-manager.users.fcuny.imports = [ ../home/profiles/minimal.nix ];
+ home-manager.users.${adminUser.name} = {
+ imports = [ ../home/profiles/minimal.nix ];
+ };
}
diff --git a/modules/default-darwin.nix b/modules/default-darwin.nix
index 4b4daaa..d420292 100644
--- a/modules/default-darwin.nix
+++ b/modules/default-darwin.nix
@@ -2,5 +2,6 @@
{
imports = [
./ssh.nix
+ ./host-config.nix
];
}
diff --git a/modules/default.nix b/modules/default.nix
index 257c72e..041a388 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -3,5 +3,6 @@
imports = [
./remote-unlock.nix
./ssh.nix
+ ./host-config.nix
];
}
diff --git a/modules/host-config.nix b/modules/host-config.nix
new file mode 100644
index 0000000..5bb5e94
--- /dev/null
+++ b/modules/host-config.nix
@@ -0,0 +1,9 @@
+{ lib, ... }:
+{
+ options = {
+ adminUser = lib.mkOption {
+ type = lib.types.attrs;
+ default = { };
+ };
+ };
+}
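Review bot: `lib.types.attrs` with `default = { }` accepts any shape, so a misspelled field or a missing `name` only surfaces later as an "attribute missing" error in whichever module first dereferences it. This option decides which account becomes a trusted Nix user and a `wheel` member, so that check belongs at the declaration. A submodule with typed fields and no default for `name` makes the contract explicit. The modules visible in this commit read `adminUser` from the specialArgs function argument rather than from `config.adminUser`, so it is also worth deciding which of the two is the source of truth and saying so in a `description`.

```nix
{ lib, ... }:
{
  options.adminUser = lib.mkOption {
    description = "Primary administrative account for this host.";
    type = lib.types.submodule {
      options = {
        name = lib.mkOption { type = lib.types.str; };
        uid = lib.mkOption {
          type = lib.types.nullOr lib.types.int;
          default = null;
        };
        userinfo = lib.mkOption {
          type = lib.types.attrsOf lib.types.str;
          default = { };
        };
      };
    };
  };
}
```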
diff --git a/profiles/darwin.nix b/profiles/darwin.nix
index dadc7b9..d1e13a5 100644
--- a/profiles/darwin.nix
+++ b/profiles/darwin.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, ... }:
+{
+ adminUser,
+ lib,
+ pkgs,
+ ...
+}:
{
fonts.packages = with pkgs; [
dejavu_fonts
@@ -41,7 +46,7 @@
# Touch ID for sudo auth
security.pam.services.sudo_local.touchIdAuth = true;
- system.primaryUser = "fcuny";
+ system.primaryUser = adminUser.name;
environment.shells = [ pkgs.fish ];
@@ -80,7 +85,7 @@
];
trusted-users = [
"@admin"
- "fcuny"
+ adminUser.name
];
experimental-features = lib.mkDefault [
"nix-command"
diff --git a/profiles/home-manager.nix b/profiles/home-manager.nix
index 47919a9..eb7c94d 100644
--- a/profiles/home-manager.nix
+++ b/profiles/home-manager.nix
@@ -1,5 +1,6 @@
{
self,
+ adminUser,
hostName,
inputs,
config,
@@ -10,6 +11,7 @@
inherit
self
hostName
+ adminUser
inputs
;
}
diff --git a/profiles/makemkv.nix b/profiles/makemkv.nix
index 8daa4fd..6bbc243 100644
--- a/profiles/makemkv.nix
+++ b/profiles/makemkv.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ adminUser, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ffmpeg
@@ -8,5 +8,5 @@
boot.kernelModules = [ "sg" ];
- users.users.fcuny.extraGroups = [ "cdrom" ];
+ users.users.${adminUser.name}.extraGroups = [ "cdrom" ];
}
diff --git a/profiles/users/fcuny.nix b/profiles/users/admin-user.nix
index 9d4e1e2..1471ef7 100644
--- a/profiles/users/fcuny.nix
+++ b/profiles/users/admin-user.nix
@@ -1,8 +1,13 @@
-{ pkgs, ... }:
{
- nix.settings.trusted-users = [ "fcuny" ];
- users.users.fcuny = {
- uid = 1000;
+ adminUser,
+ pkgs,
+ ...
+}:
+{
+ nix.settings.trusted-users = [ adminUser.name ];
+
+ users.users.${adminUser.name} = {
+ inherit (adminUser) uid;
shell = pkgs.fish;
isNormalUser = true;
hashedPassword = "$y$j9T$U3mXpCzXC1VUp8wV5snJz/$32vTk0KwVXvP/jLO13nMlGPHy0nCe4ZtebdvqU4hwmD";
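Review bot: The `hashedPassword` literal kept in this hunk is now attached to whatever account `adminUser.name` resolves to. As an inline option value it sits in the repository and, per the NixOS documentation for this option, in the world-readable Nix store, where it is open to offline guessing. The flake already loads agenix (`agenix.nixosModules.age` in flake.nix), so the hash could move to a secret referenced with `hashedPasswordFile = config.age.secrets.<admin-password-secret>.path;` (placeholder secret name; `config` would need adding to the module arguments). The `users.users` attribute set continues past the end of this hunk.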
@@ -11,14 +16,7 @@
];
extraGroups = [
"wheel"
+ "docker"
];
};
-
- home-manager.users.fcuny = {
- home.username = "fcuny";
- userinfo = {
- email = "franck@fcuny.net";
- fullName = "Franck Cuny";
- };
- };
}
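Review bot: Adding `"docker"` to `extraGroups` is a privilege change the commit message does not mention: membership in the docker group gives control of the Docker daemon, which is equivalent to root without going through sudo or its audit trail. This profile is imported by argonath, bree, iso and rivendell in this commit, so all of them get it whether or not Docker runs there. If the access is intended, tying it to the service keeps it off hosts that do not need it: `extraGroups = [ "wheel" ] ++ lib.optional config.virtualisation.docker.enable "docker";` (with `lib` and `config` added to the module arguments). The list opens in this hunk, but the enclosing `users.users` set starts in the previous one.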
diff --git a/profiles/users/home-manager.nix b/profiles/users/home-manager.nix
new file mode 100644
index 0000000..f84f359
--- /dev/null
+++ b/profiles/users/home-manager.nix
@@ -0,0 +1,7 @@
+{ adminUser, ... }:
+{
+ home-manager.users.${adminUser.name} = {
+ home.username = "${adminUser.name}";
+ inherit (adminUser) userinfo;
+ };
+}
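Review bot: `home.username = "${adminUser.name}";` wraps a string in an interpolation that does nothing; `home.username = adminUser.name;` is the plain form and matches how the other modules in this commit read the value. A short header comment would also help, saying that this profile carries only the identity settings and that each machine file adds its own `imports` under the same `home-manager.users.${adminUser.name}` key. That matters because bree.nix and iso.nix now import both `../profiles/home-manager.nix` and this file.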