restructured project to split out home manager

2024-11-22 00:51:10 -06:00 · 2024-11-22 00:51:10 -06:00 · 18f51a65c2
commit 18f51a65c2
parent c8e7944da5
24 changed files with 421 additions and 254 deletions
--- a/enviroments/common/default.nix
+++ b/enviroments/common/default.nix
@ -4,7 +4,7 @@
  ...
 }: {
  imports = [
-    ../../users
+    ./users
  ];

  nix = {
--- a/enviroments/common/users/default.nix
+++ b/enviroments/common/users/default.nix
@ -0,0 +1,9 @@
+{...}: {
+  imports = [
+    ./leyla
+    ./ester
+    ./eve
+  ];
+
+  users.mutableUsers = false;
+}
--- a/enviroments/common/users/ester/default.nix
+++ b/enviroments/common/users/ester/default.nix
@ -0,0 +1,36 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}: let
+  cfg = config.nixos.users.ester;
+in {
+  options.nixos.users.ester = {
+    isDesktopUser = lib.mkEnableOption "install applications intended for desktop use";
+  };
+
+  config = {
+    nixpkgs.config.allowUnfree = true;
+
+    sops.secrets = lib.mkIf cfg.isDesktopUser {
+      "passwords/ester" = {
+        neededForUsers = true;
+        sopsFile = "${inputs.secrets}/user-passwords.yaml";
+      };
+    };
+
+    users.users.ester = (
+      if cfg.isDesktopUser
+      then {
+        isNormalUser = true;
+        extraGroups = ["networkmanager"];
+
+        hashedPasswordFile = config.sops.secrets."passwords/ester".path;
+      }
+      else {
+        isSystemUser = true;
+      }
+    );
+  };
+}
--- a/enviroments/common/users/eve/default.nix
+++ b/enviroments/common/users/eve/default.nix
@ -0,0 +1,36 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}: let
+  cfg = config.nixos.users.eve;
+in {
+  options.nixos.users.eve = {
+    isDesktopUser = lib.mkEnableOption "install applications intended for desktop use";
+  };
+
+  config = {
+    nixpkgs.config.allowUnfree = true;
+
+    sops.secrets = lib.mkIf cfg.isDesktopUser {
+      "passwords/eve" = {
+        neededForUsers = true;
+        sopsFile = "${inputs.secrets}/user-passwords.yaml";
+      };
+    };
+
+    users.users.eve = (
+      if cfg.isDesktopUser
+      then {
+        isNormalUser = true;
+        extraGroups = ["networkmanager"];
+
+        hashedPasswordFile = config.sops.secrets."passwords/eve".path;
+      }
+      else {
+        isSystemUser = true;
+      }
+    );
+  };
+}
--- a/enviroments/common/users/leyla/default.nix
+++ b/enviroments/common/users/leyla/default.nix
@ -0,0 +1,78 @@
+{
+  lib,
+  config,
+  inputs,
+  ...
+}: let
+  cfg = config.nixos.users.leyla;
+in {
+  options.nixos.users.leyla = {
+    isDesktopUser = lib.mkEnableOption "install applications intended for desktop use";
+    isTerminalUser = lib.mkEnableOption "install applications intended for terminal use";
+    hasGPU = lib.mkEnableOption "installs gpu intensive programs";
+  };
+
+  config = {
+    nixpkgs.config.allowUnfree = true;
+
+    sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) {
+      "passwords/leyla" = {
+        neededForUsers = true;
+        sopsFile = "${inputs.secrets}/user-passwords.yaml";
+      };
+    };
+
+    users.users.leyla = (
+      if (cfg.isDesktopUser || cfg.isTerminalUser)
+      then {
+        isNormalUser = true;
+        extraGroups = (
+          ["networkmanager" "wheel" "dialout"]
+          ++ lib.lists.optional (!cfg.isTerminalUser) "adbusers"
+        );
+
+        hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
+
+        openssh = {
+          authorizedKeys.keys = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
+          ];
+        };
+      }
+      else {
+        isSystemUser = true;
+      }
+    );
+
+    services = {
+      # ollama = {
+      #   enable = cfg.hasGPU;
+      #   acceleration = "cuda";
+      # };
+
+      # TODO: this should reference the home directory from the user config
+      openssh.hostKeys = [
+        {
+          comment = "leyla@" + config.networking.hostName;
+          path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519";
+          rounds = 100;
+          type = "ed25519";
+        }
+      ];
+    };
+
+    programs = {
+      steam = lib.mkIf cfg.isDesktopUser {
+        enable = true;
+        remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+        dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer
+        localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
+      };
+
+      noisetorch.enable = cfg.isDesktopUser;
+
+      adb.enable = cfg.isDesktopUser;
+    };
+  };
+}