From dacf64ca7fd6d6d2cf927c709a74cb7adc8e6236 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Tue, 30 Dec 2025 19:02:53 -0800
Subject: add back some abstractions related to user management

---
 flake.nix | 22 ++++++++++++++++++++++
 home/profiles/work.nix | 2 +-
 machines/argonath.nix | 7 ++++---
 machines/bree.nix | 12 +++++++++---
 machines/iso.nix | 7 ++++---
 machines/mba-personal.nix | 16 ++++++----------
 machines/mbp-work.nix | 16 ++++++----------
 machines/rivendell.nix | 14 +++++++++++---
 modules/default-darwin.nix | 1 +
 modules/default.nix | 1 +
 modules/host-config.nix | 9 +++++++++
 profiles/darwin.nix | 11 ++++++++---
 profiles/home-manager.nix | 2 ++
 profiles/makemkv.nix | 4 ++--
 profiles/users/admin-user.nix | 22 ++++++++++++++++++++++
 profiles/users/fcuny.nix | 24 ------------------------
 profiles/users/home-manager.nix | 7 +++++++
 17 files changed, 115 insertions(+), 62 deletions(-)
 create mode 100644 modules/host-config.nix
 create mode 100644 profiles/users/admin-user.nix
 delete mode 100644 profiles/users/fcuny.nix
 create mode 100644 profiles/users/home-manager.nix

diff --git a/flake.nix b/flake.nix
index 6bda8cf..595783d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -94,6 +94,15 @@
 };
 };
 
+ adminUser = {
+ name = "fcuny";
+ uid = 1000;
+ userinfo = {
+ email = "franck@fcuny.net";
+ fullName = "Franck Cuny";
+ };
+ };
+
 defaultModules = [
 nixSettings
 agenix.nixosModules.age
@@ -137,6 +146,13 @@
 HQ-KWNY2VH41P = {
 system = "aarch64-darwin";
 config = ./machines/mbp-work.nix;
+ adminUser = {
+ name = "fcuny";
+ userinfo = {
+ email = "fcuny@roblox.com";
+ fullName = "Franck Cuny";
+ };
+ };
 };
 };
 };
@@ -145,15 +161,18 @@
 name: machine:
 let
 pkgs = pkgsFor machine.system;
+ machineAdminUser = machine.adminUser or adminUser;
 in
 nixpkgs.lib.nixosSystem {
 inherit (machine) system;
 specialArgs = {
 hostName = name;
+ adminUser = machineAdminUser;
 inherit self inputs;
 hostConfigurations = nixpkgs.lib.mapAttrs (_: conf: conf.config) nixosConfigurations;
 };
 modules = [
+ { adminUser = machineAdminUser; }
 {
 system.configurationRevision = self.rev or self.dirtyRev or null;
 system.nixos.versionSuffix = nixpkgs.lib.mkForce "git.${builtins.substring 0 11 nixpkgs.rev}";
@@ -173,14 +192,17 @@
 name: machine:
 let
 pkgs = pkgsFor machine.system;
+ machineAdminUser = machine.adminUser or adminUser;
 in
 darwin.lib.darwinSystem {
 inherit (machine) system;
 specialArgs = {
 hostName = name;
+ adminUser = machineAdminUser;
 inherit self inputs;
 };
 modules = [
+ { adminUser = machineAdminUser; }
 {
 nixpkgs.pkgs = pkgs;
 nixpkgs.hostPlatform = machine.system;
diff --git a/home/profiles/work.nix b/home/profiles/work.nix
index c00dc71..7b9e138 100644
--- a/home/profiles/work.nix
+++ b/home/profiles/work.nix
@@ -54,7 +54,7 @@
 builtins.concatMap (env: [
 {
 name = "ssh-sign-${env.alias}";
- value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=/Users/fcuny/.ssh/${env.alias}-cert.pub --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
+ value = "${pkgs.hashi}/bin/hashi -e ${env.name} sign --output-path=${config.home.homeDirectory}/.ssh/${env.alias}-cert.pub --key=(${pkgs._1password-cli}/bin/op read 'op://employee/default rbx ssh key/public key'|psub) key";
 }
 {
 name = "hashi-${env.alias}";
diff --git a/machines/argonath.nix b/machines/argonath.nix
index 29d78ae..0c141dc 100644
--- a/machines/argonath.nix
+++ b/machines/argonath.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ adminUser, ... }:
 {
 imports = [
 ../profiles/acme.nix
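Review bot: `machineAdminUser = machine.adminUser or adminUser;` (in both the nixosSystem and darwinSystem hunks) replaces the default wholesale, so a per-machine override has to restate every field, and anything it leaves out — the HQ-KWNY2VH41P override in this commit carries no `uid` — is simply absent for any consumer that does `inherit (adminUser) uid`. Merging instead, `machineAdminUser = adminUser // (machine.adminUser or { });`, lets an override name only the fields that differ (here essentially `userinfo.email`) and keeps `uid` stable across hosts; that is a shallow merge, so an override setting `userinfo` still replaces the whole `userinfo` set, and `nixpkgs.lib.recursiveUpdate` would merge that level too. Separately, the same value is handed to modules twice, as the `adminUser` specialArg and as the `{ adminUser = machineAdminUser; }` module that sets the host-config.nix option; every consumer in this diff reads the specialArg, so unless something outside the diff reads `config.adminUser`, one of the two channels looks redundant and the other should carry a comment saying which is authoritative.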
@@ -11,14 +11,15 @@
 ../profiles/reverse-proxy.nix
 ../profiles/server.nix
 ../profiles/wireguard.nix
- ../profiles/users/fcuny.nix
+ ../profiles/users/home-manager.nix
+ ../profiles/users/admin-user.nix
 ];
 
 networking.hostName = "argonath";
 
 system.stateVersion = "25.05"; # Did you read the comment?
 
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
 imports = [
 ../home/profiles/minimal.nix
 ];
diff --git a/machines/bree.nix b/machines/bree.nix
index d779ce3..a633997 100644
--- a/machines/bree.nix
+++ b/machines/bree.nix
@@ -1,4 +1,9 @@
-{ lib, config, ... }:
+{
+ adminUser,
+ lib,
+ config,
+ ...
+}:
 {
 imports = [
 ../profiles/cgroups.nix
@@ -8,7 +13,8 @@
 ../profiles/hardware/synology-vm.nix
 ../profiles/home-manager.nix
 ../profiles/server.nix
- ../profiles/users/fcuny.nix
+ ../profiles/users/admin-user.nix
+ ../profiles/users/home-manager.nix
 ../profiles/wireguard.nix
 ];
 
@@ -30,7 +36,7 @@
 
 system.stateVersion = "23.11"; # Did you read the comment?
 
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
 imports = [
 ../home/profiles/minimal.nix
 ];
diff --git a/machines/iso.nix b/machines/iso.nix
index a636508..4d54054 100644
--- a/machines/iso.nix
+++ b/machines/iso.nix
@@ -1,11 +1,12 @@
-{ modulesPath, ... }:
+{ adminUser, modulesPath, ... }:
 {
 # run `nix build .#nixosConfigurations.iso.config.system.build.isoImage` to build the image
 imports = [
 "${modulesPath}/installer/cd-dvd/channel.nix"
 "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
 ../profiles/home-manager.nix
- ../profiles/users/fcuny.nix
+ ../profiles/users/admin-user.nix
+ ../profiles/users/home-manager.nix
 ];
 
 boot.loader.grub.efiSupport = true;
@@ -16,7 +17,7 @@
 
 programs.fish.enable = true;
 
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
 imports = [
 ../home/profiles/minimal.nix
 ];
diff --git a/machines/mba-personal.nix b/machines/mba-personal.nix
index 0804043..5b0487c 100644
--- a/machines/mba-personal.nix
+++ b/machines/mba-personal.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ adminUser, pkgs, ... }:
 {
 age.secrets.ssh-remote-builder.file = ../secrets/ssh-remote-builder.age;
 
@@ -13,22 +13,18 @@
 
 networking.hostName = "mba-m2";
 
- users.users.fcuny = {
- home = "/Users/fcuny";
+ users.users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
 shell = pkgs.fish;
 };
 
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
 home.stateVersion = "23.05";
- home.username = "fcuny";
- home.homeDirectory = "/Users/fcuny";
+ home.homeDirectory = "/Users/${adminUser.name}";
 imports = [
 ../home/profiles/darwin.nix
 ../home/profiles/personal.nix
 ];
- userinfo = {
- email = "franck@fcuny.net";
- fullName = "Franck Cuny";
- };
+ inherit (adminUser) userinfo;
 };
 }
diff --git a/machines/mbp-work.nix b/machines/mbp-work.nix
index 8050987..b0541ac 100644
--- a/machines/mbp-work.nix
+++ b/machines/mbp-work.nix
@@ -1,26 +1,22 @@
-{ pkgs, ... }:
+{ adminUser, pkgs, ... }:
 {
 imports = [
 ../profiles/darwin.nix
 ../profiles/home-manager.nix
+ ../profiles/users/home-manager.nix
 ];
 
- users.users.fcuny = {
- home = "/Users/fcuny";
+ users.users.${adminUser.name} = {
+ home = "/Users/${adminUser.name}";
 shell = pkgs.fish;
 };
 
- home-manager.users.fcuny = {
+ home-manager.users.${adminUser.name} = {
 home.stateVersion = "23.05";
- home.username = "fcuny";
- home.homeDirectory = "/Users/fcuny";
+ home.homeDirectory = "/Users/${adminUser.name}";
 imports = [
 ../home/profiles/mac.nix
 ../home/profiles/work.nix
 ];
- userinfo = {
- email = "fcuny@roblox.com";
- fullName = "Franck Cuny";
- };
 };
 }
diff --git a/machines/rivendell.nix b/machines/rivendell.nix
index c295d24..33fe6f8 100644
--- a/machines/rivendell.nix
+++ b/machines/rivendell.nix
@@ -1,4 +1,9 @@
-{ lib, config, ... }:
+{
+ adminUser,
+ lib,
+ config,
+ ...
+}:
 {
 imports = [
 ../profiles/authelia.nix
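Review bot: mba-personal.nix drops `home.username = "fcuny"` and inlines `inherit (adminUser) userinfo;`, while the sibling mbp-work.nix hunk in this same commit obtains those two settings by importing `../profiles/users/home-manager.nix`. Importing that profile here as well and deleting the inline `inherit` keeps the two Darwin hosts configured the same way, so a later change to the shared profile reaches both. If the inline form is deliberate, `home.username` is now left to whatever the home-manager Darwin integration derives from `users.users.${adminUser.name}`; presumably that yields the same value, but it is worth confirming since the explicit setting was removed without a replacement on this host.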
@@ -17,7 +22,8 @@
 ../profiles/server.nix
 ../profiles/storage-media.nix
 ../profiles/users/builder.nix
- ../profiles/users/fcuny.nix
+ ../profiles/users/admin-user.nix
+ ../profiles/users/home-manager.nix
 ../profiles/wireguard.nix
 ];
 
@@ -76,5 +82,7 @@
 
 system.stateVersion = "23.11"; # Did you read the comment?
 
- home-manager.users.fcuny.imports = [ ../home/profiles/minimal.nix ];
+ home-manager.users.${adminUser.name} = {
+ imports = [ ../home/profiles/minimal.nix ];
+ };
 }
diff --git a/modules/default-darwin.nix b/modules/default-darwin.nix
index 4b4daaa..d420292 100644
--- a/modules/default-darwin.nix
+++ b/modules/default-darwin.nix
@@ -2,5 +2,6 @@
 {
 imports = [
 ./ssh.nix
+ ./host-config.nix
 ];
 }
diff --git a/modules/default.nix b/modules/default.nix
index 257c72e..041a388 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -3,5 +3,6 @@
 imports = [
 ./remote-unlock.nix
 ./ssh.nix
+ ./host-config.nix
 ];
 }
diff --git a/modules/host-config.nix b/modules/host-config.nix
new file mode 100644
index 0000000..5bb5e94
--- /dev/null
+++ b/modules/host-config.nix
@@ -0,0 +1,9 @@
+{ lib, ... }:
+{
+ options = {
+ adminUser = lib.mkOption {
+ type = lib.types.attrs;
+ default = { };
+ };
+ };
+}
diff --git a/profiles/darwin.nix b/profiles/darwin.nix
index dadc7b9..d1e13a5 100644
--- a/profiles/darwin.nix
+++ b/profiles/darwin.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, ... }:
+{
+ adminUser,
+ lib,
+ pkgs,
+ ...
+}:
 {
 fonts.packages = with pkgs; [
 dejavu_fonts
@@ -41,7 +46,7 @@
 # Touch ID for sudo auth
 security.pam.services.sudo_local.touchIdAuth = true;
 
- system.primaryUser = "fcuny";
+ system.primaryUser = adminUser.name;
 
 environment.shells = [ pkgs.fish ];
 
@@ -80,7 +85,7 @@
 ];
 trusted-users = [
 "@admin"
- "fcuny"
+ adminUser.name
 ];
 experimental-features = lib.mkDefault [
 "nix-command"
diff --git a/profiles/home-manager.nix b/profiles/home-manager.nix
index 47919a9..eb7c94d 100644
--- a/profiles/home-manager.nix
+++ b/profiles/home-manager.nix
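Review bot: `type = lib.types.attrs;` with `default = { };` in the new host-config.nix accepts any attribute set, so a malformed override (a typo in `name`, a missing `uid`) is only caught where a consumer such as `inherit (adminUser) uid` finally dereferences it, with an "attribute missing" error far from the cause; `types.attrs` also merges multiple definitions by shallow `//` union, which is rarely what one wants for a record like this. A `lib.types.submodule` declaring `name`, `uid` and `userinfo` as typed options fails at evaluation with the option path in the message and carries a `description`, as sketched below. Note the check only fires when `config.adminUser` is evaluated, and no hunk in this diff reads it (every consumer takes `adminUser` from specialArgs, while default.nix and default-darwin.nix merely import the module), so consumers would need to read the option, or an `assertions` entry would need to force it, for the typing to do any work; if nothing outside the diff uses the option, it could instead be dropped together with the `{ adminUser = machineAdminUser; }` module in flake.nix.
```nix
{ lib, ... }:
{
  # Primary (admin) account of this host: account name, uid and home-manager userinfo.
  options.adminUser = lib.mkOption {
    description = "Primary (admin) user of this host: name, uid and home-manager userinfo.";
    type = lib.types.submodule {
      options = {
        name = lib.mkOption { type = lib.types.str; };
        # null lets Darwin overrides (which carry no uid) leave it unset
        uid = lib.mkOption { type = lib.types.nullOr lib.types.int; default = null; };
        userinfo = lib.mkOption {
          type = lib.types.submodule {
            options = {
              email = lib.mkOption { type = lib.types.str; };
              fullName = lib.mkOption { type = lib.types.str; };
            };
          };
        };
      };
    };
  };
}
```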
@@ -1,5 +1,6 @@
 {
 self,
+ adminUser,
 hostName,
 inputs,
 config,
@@ -10,6 +11,7 @@
 inherit
 self
 hostName
+ adminUser
 inputs
 ;
 }
diff --git a/profiles/makemkv.nix b/profiles/makemkv.nix
index 8daa4fd..6bbc243 100644
--- a/profiles/makemkv.nix
+++ b/profiles/makemkv.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ adminUser, pkgs, ... }:
 {
 environment.systemPackages = with pkgs; [
 ffmpeg
@@ -8,5 +8,5 @@
 
 boot.kernelModules = [ "sg" ];
 
- users.users.fcuny.extraGroups = [ "cdrom" ];
+ users.users.${adminUser.name}.extraGroups = [ "cdrom" ];
 }
diff --git a/profiles/users/admin-user.nix b/profiles/users/admin-user.nix
new file mode 100644
index 0000000..1471ef7
--- /dev/null
+++ b/profiles/users/admin-user.nix
@@ -0,0 +1,22 @@
+{
+ adminUser,
+ pkgs,
+ ...
+}:
+{
+ nix.settings.trusted-users = [ adminUser.name ];
+
+ users.users.${adminUser.name} = {
+ inherit (adminUser) uid;
+ shell = pkgs.fish;
+ isNormalUser = true;
+ hashedPassword = "$y$j9T$U3mXpCzXC1VUp8wV5snJz/$32vTk0KwVXvP/jLO13nMlGPHy0nCe4ZtebdvqU4hwmD";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+ extraGroups = [
+ "wheel"
+ "docker"
+ ];
+ };
+}
diff --git a/profiles/users/fcuny.nix b/profiles/users/fcuny.nix
deleted file mode 100644
index 9d4e1e2..0000000
--- a/profiles/users/fcuny.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ pkgs, ... }:
-{
- nix.settings.trusted-users = [ "fcuny" ];
- users.users.fcuny = {
- uid = 1000;
- shell = pkgs.fish;
- isNormalUser = true;
- hashedPassword = "$y$j9T$U3mXpCzXC1VUp8wV5snJz/$32vTk0KwVXvP/jLO13nMlGPHy0nCe4ZtebdvqU4hwmD";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- ];
- extraGroups = [
- "wheel"
- ];
- };
-
- home-manager.users.fcuny = {
- home.username = "fcuny";
- userinfo = {
- email = "franck@fcuny.net";
- fullName = "Franck Cuny";
- };
- };
-}
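Review bot: `extraGroups` in the new admin-user.nix gains `"docker"`, which the deleted fcuny.nix did not grant, and the profile is imported by every NixOS host in this commit including the installer ISO; membership in `docker` is root-equivalent wherever the daemon runs, so it belongs in whichever profile enables Docker (not visible in this diff), the way makemkv.nix adds `"cdrom"` only where the `sg` module is loaded. The `hashedPassword` literal is carried over unchanged, but since this repository already uses agenix (`age.secrets.ssh-remote-builder.file` in mba-personal.nix), `hashedPasswordFile = config.age.secrets.<name>.path;` (adding `config` to the argument set) would keep the yescrypt hash out of the tree and out of offline-cracking reach should the repository be public. `inherit (adminUser) uid;` hard-fails with "attribute 'uid' missing" for any override shaped like the HQ-KWNY2VH41P one in flake.nix; that host is Darwin and does not import this profile today, but `uid = adminUser.uid or null;` would make the profile robust to partial overrides. A header comment stating the contract would also help, e.g. `# Primary admin account for NixOS hosts; expects the adminUser specialArg to carry name, uid and userinfo.`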
diff --git a/profiles/users/home-manager.nix b/profiles/users/home-manager.nix
new file mode 100644
index 0000000..f84f359
--- /dev/null
+++ b/profiles/users/home-manager.nix
@@ -0,0 +1,7 @@
+{ adminUser, ... }:
+{
+ home-manager.users.${adminUser.name} = {
+ home.username = "${adminUser.name}";
+ inherit (adminUser) userinfo;
+ };
+}
--
cgit v1.2.3
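Review bot: `home.username = "${adminUser.name}";` wraps a value that is already a string in an interpolation; `home.username = adminUser.name;` says the same thing and matches how `adminUser.name` is used elsewhere in this commit (`system.primaryUser = adminUser.name;` in darwin.nix, `trusted-users = [ adminUser.name ]` in admin-user.nix). A short header comment would tell a reader why this lives apart from admin-user.nix, e.g. `# home-manager identity for the admin user; kept separate from admin-user.nix so Darwin hosts, which cannot use its NixOS-only user options, can import this alone.` — that rationale is inferred from mbp-work.nix importing only this file, so adjust it if the reason is different.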