Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

restricted more of leylas configs behind full user

Browse source
This commit is contained in:
Leyla Becker 2024-09-03 14:24:11 -05:00
parent d9bb30a19d
commit 9b520878c4
6 changed files with 23 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/horizon/configuration.nix
View file

@ -16,9 +16,9 @@
sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
users.leyla.isNormalUser = true; users.leyla.isFullUser = true;
users.ester.isNormalUser = true; users.ester.isFullUser = true;
users.eve.isNormalUser = true; users.eve.isFullUser = true;
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;

6
hosts/twilight/configuration.nix
View file

@ -17,14 +17,14 @@
sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
users.leyla = { users.leyla = {
isNormalUser = true; isFullUser = true;
hasPiperMouse = true; hasPiperMouse = true;
hasOpenRGBHardware = true; hasOpenRGBHardware = true;
hasViaKeyboard = true; hasViaKeyboard = true;
hasGPU = true; hasGPU = true;
}; };
users.ester.isNormalUser = true; users.ester.isFullUser = true;
users.eve.isNormalUser = true; users.eve.isFullUser = true;
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;

6
users/ester/default.nix
View file

@ -4,11 +4,11 @@ let
in in
{ {
options.users.ester = { options.users.ester = {
isNormalUser = lib.mkEnableOption "ester"; isFullUser = lib.mkEnableOption "ester";
}; };
config = { config = {
sops.secrets = lib.mkIf cfg.isNormalUser { sops.secrets = lib.mkIf cfg.isFullUser {
"passwords/ester" = { "passwords/ester" = {
neededForUsers = true; neededForUsers = true;
# sopsFile = ../secrets.yaml; # sopsFile = ../secrets.yaml;
@ -25,7 +25,7 @@ in
} }
( (
if cfg.isNormalUser then { if cfg.isFullUser then {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "networkmanager" ]; extraGroups = [ "networkmanager" ];

6
users/eve/default.nix
View file

@ -4,11 +4,11 @@ let
in in
{ {
options.users.eve = { options.users.eve = {
isNormalUser = lib.mkEnableOption "eve"; isFullUser = lib.mkEnableOption "eve";
}; };
config = { config = {
sops.secrets = lib.mkIf cfg.isNormalUser { sops.secrets = lib.mkIf cfg.isFullUser {
"passwords/eve" = { "passwords/eve" = {
neededForUsers = true; neededForUsers = true;
# sopsFile = ../secrets.yaml; # sopsFile = ../secrets.yaml;
@ -25,7 +25,7 @@ in
} }
( (
if cfg.isNormalUser then { if cfg.isFullUser then {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "networkmanager" ]; extraGroups = [ "networkmanager" ];

8
users/leyla/default.nix
View file

@ -8,7 +8,7 @@ in
]; ];
options.users.leyla = { options.users.leyla = {
isNormalUser = lib.mkEnableOption "create usable leyla user"; isFullUser = lib.mkEnableOption "create usable leyla user";
isThinUser = lib.mkEnableOption "create usable user but witohut user applications"; isThinUser = lib.mkEnableOption "create usable user but witohut user applications";
hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses"; hasPiperMouse = lib.mkEnableOption "install programs for managing piper supported mouses";
hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware"; hasOpenRGBHardware = lib.mkEnableOption "install programs for managing openRGB supported hardware";
@ -17,7 +17,7 @@ in
}; };
config = { config = {
sops.secrets = lib.mkIf cfg.isNormalUser { sops.secrets = lib.mkIf cfg.isFullUser {
"passwords/leyla" = { "passwords/leyla" = {
neededForUsers = true; neededForUsers = true;
# sopsFile = ../secrets.yaml; # sopsFile = ../secrets.yaml;
@ -34,7 +34,7 @@ in
} }
( (
if (cfg.isNormalUser || cfg.isThinUser) then { if (cfg.isFullUser || cfg.isThinUser) then {
isNormalUser = true; isNormalUser = true;
extraGroups = lib.mkMerge [ extraGroups = lib.mkMerge [
["networkmanager" "wheel" "docker"] ["networkmanager" "wheel" "docker"]
@ -50,6 +50,6 @@ in
) )
]; ];
home-manager.users.leyla = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) (import ./home.nix); home-manager.users.leyla = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (import ./home.nix);
}; };
} }

14
users/leyla/packages.nix
View file

@ -8,21 +8,21 @@ in
../../overlays/vscodium.nix ../../overlays/vscodium.nix
]; ];
programs.bash.shellAliases = { programs.bash.shellAliases = lib.mkIf cfg.isFullUser ({
code = "codium"; code = "codium";
}; });
programs.steam = { programs.steam = lib.mkIf cfg.isFullUser ({
enable = true; enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
}; });
programs.noisetorch.enable = true; programs.noisetorch.enable = cfg.isFullUser;
programs.adb.enable = true; programs.adb.enable = cfg.isFullUser;
users.users.leyla.packages = lib.mkIf (cfg.isNormalUser || cfg.isThinUser) ( users.users.leyla.packages = lib.mkIf (cfg.isFullUser || cfg.isThinUser) (
lib.mkMerge [ lib.mkMerge [
( (
with pkgs; [ with pkgs; [