Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

removed users from common

Browse source 
removed common hardware
This commit is contained in:
Leyla Becker 2024-11-24 00:47:36 -06:00
parent d6cccdc41b
commit ddc087a548
22 changed files with 400 additions and 420 deletions
Download patch file Download diff file Expand all files Collapse all files

128
enviroments/common/default.nix
View file

@ -1,11 +1,5 @@
{ {pkgs, ...}: {
pkgs, imports = [];
lib,
...
}: {
imports = [
./users
];
nix = { nix = {
settings = { settings = {
@ -40,124 +34,6 @@
LC_TIME = "en_US.UTF-8"; LC_TIME = "en_US.UTF-8";
}; };
users = {
users = {
leyla = {
uid = 1000;
description = "Leyla";
group = "leyla";
home = "/home/leyla";
};
ester = {
uid = 1001;
description = "Ester";
group = "ester";
home = "/home/ester";
};
eve = {
uid = 1002;
description = "Eve";
group = "eve";
home = "/home/eve";
};
jellyfin = {
uid = 2000;
group = "jellyfin";
isSystemUser = true;
};
forgejo = {
uid = 2002;
group = "forgejo";
isSystemUser = true;
};
pihole = {
uid = 2003;
group = "pihole";
isSystemUser = true;
};
hass = {
uid = lib.mkForce 2004;
group = "hass";
isSystemUser = true;
};
headscale = {
uid = 2005;
group = "headscale";
isSystemUser = true;
};
nextcloud = {
uid = 2006;
group = "nextcloud";
isSystemUser = true;
};
};
groups = {
leyla = {
gid = 1000;
members = ["lelya"];
};
ester = {
gid = 1001;
members = ["ester"];
};
eve = {
gid = 1002;
members = ["eve"];
};
users = {
gid = 100;
members = ["leyla" "ester" "eve"];
};
jellyfin = {
gid = 2000;
members = ["jellyfin" "leyla"];
};
jellyfin_media = {
gid = 2001;
members = ["jellyfin" "leyla" "ester" "eve"];
};
forgejo = {
gid = 2002;
members = ["forgejo" "leyla"];
};
pihole = {
gid = 2003;
members = ["pihole" "leyla"];
};
hass = {
gid = lib.mkForce 2004;
members = ["hass" "leyla"];
};
headscale = {
gid = 2005;
members = ["headscale"];
};
nextcloud = {
gid = 2006;
members = ["nextcloud"];
};
};
};
services = { services = {
automatic-timezoned = { automatic-timezoned = {
enable = true; enable = true;

9
enviroments/common/users/default.nix
View file

@ -1,9 +0,0 @@
{...}: {
imports = [
./leyla
./ester
./eve
];
users.mutableUsers = false;
}

36
enviroments/common/users/ester/default.nix
View file

@ -1,36 +0,0 @@
{
lib,
config,
inputs,
...
}: let
cfg = config.nixos.users.ester;
in {
options.nixos.users.ester = {
isDesktopUser = lib.mkEnableOption "install applications intended for desktop use";
};
config = {
nixpkgs.config.allowUnfree = true;
sops.secrets = lib.mkIf cfg.isDesktopUser {
"passwords/ester" = {
neededForUsers = true;
sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
};
users.users.ester = (
if cfg.isDesktopUser
then {
isNormalUser = true;
extraGroups = ["networkmanager"];
hashedPasswordFile = config.sops.secrets."passwords/ester".path;
}
else {
isSystemUser = true;
}
);
};
}

36
enviroments/common/users/eve/default.nix
View file

@ -1,36 +0,0 @@
{
lib,
config,
inputs,
...
}: let
cfg = config.nixos.users.eve;
in {
options.nixos.users.eve = {
isDesktopUser = lib.mkEnableOption "install applications intended for desktop use";
};
config = {
nixpkgs.config.allowUnfree = true;
sops.secrets = lib.mkIf cfg.isDesktopUser {
"passwords/eve" = {
neededForUsers = true;
sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
};
users.users.eve = (
if cfg.isDesktopUser
then {
isNormalUser = true;
extraGroups = ["networkmanager"];
hashedPasswordFile = config.sops.secrets."passwords/eve".path;
}
else {
isSystemUser = true;
}
);
};
}

78
enviroments/common/users/leyla/default.nix
View file

@ -1,78 +0,0 @@
{
lib,
config,
inputs,
...
}: let
cfg = config.nixos.users.leyla;
in {
options.nixos.users.leyla = {
isDesktopUser = lib.mkEnableOption "install applications intended for desktop use";
isTerminalUser = lib.mkEnableOption "install applications intended for terminal use";
hasGPU = lib.mkEnableOption "installs gpu intensive programs";
};
config = {
nixpkgs.config.allowUnfree = true;
sops.secrets = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) {
"passwords/leyla" = {
neededForUsers = true;
sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
};
users.users.leyla = (
if (cfg.isDesktopUser || cfg.isTerminalUser)
then {
isNormalUser = true;
extraGroups = (
["networkmanager" "wheel" "dialout"]
++ lib.lists.optional (!cfg.isTerminalUser) "adbusers"
);
hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
openssh = {
authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHeItmt8TRW43uNcOC+eIurYC7Eunc0V3LGocQqLaYj leyla@horizon"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKBiZkg1c2aaNHiieBX4cEziqvJVj9pcDfzUrKU/mO0I leyla@twilight"
];
};
}
else {
isSystemUser = true;
}
);
services = {
# ollama = {
# enable = cfg.hasGPU;
# acceleration = "cuda";
# };
# TODO: this should reference the home directory from the user config
openssh.hostKeys = [
{
comment = "leyla@" + config.networking.hostName;
path = "/home/leyla/.ssh/leyla_" + config.networking.hostName + "_ed25519";
rounds = 100;
type = "ed25519";
}
];
};
programs = {
steam = lib.mkIf cfg.isDesktopUser {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated ServerServer
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
noisetorch.enable = cfg.isDesktopUser;
adb.enable = cfg.isDesktopUser;
};
};
}

12
homes/default.nix
View file

@ -1,5 +1,11 @@
{ {
leyla = import ./leyla; lib,
ester = import ./ester; config,
eve = import ./eve; ...
}: let
users = config.host.users;
in {
leyla = lib.mkIf users.leyla.isNormalUser (import ./leyla);
ester = lib.mkIf users.ester.isNormalUser (import ./ester);
eve = lib.mkIf users.eve.isNormalUser (import ./eve);
} }

4
homes/ester/default.nix
View file

@ -4,7 +4,7 @@
osConfig, osConfig,
... ...
}: let }: let
cfg = osConfig.nixos.users.ester; cfg = osConfig.host.users.ester;
in { in {
config = { config = {
home = { home = {
@ -54,7 +54,7 @@ in {
# EDITOR = "emacs"; # EDITOR = "emacs";
}; };
packages = lib.mkIf cfg.isDesktopUser ( packages = lib.lists.optionals cfg.isDesktopUser (
with pkgs; [ with pkgs; [
firefox firefox
bitwarden bitwarden

4
homes/eve/default.nix
View file

@ -4,7 +4,7 @@
osConfig, osConfig,
... ...
}: let }: let
cfg = osConfig.nixos.users.eve; cfg = osConfig.host.users.eve;
in { in {
config = { config = {
home = { home = {
@ -54,7 +54,7 @@ in {
# EDITOR = "emacs"; # EDITOR = "emacs";
}; };
packages = lib.mkIf cfg.isDesktopUser ( packages = lib.lists.optionals cfg.isDesktopUser (
with pkgs; [ with pkgs; [
firefox firefox
bitwarden bitwarden

2
homes/leyla/default.nix
View file

@ -12,7 +12,7 @@
# manage. # manage.
home = { home = {
username = "leyla"; username = "leyla";
homeDirectory = osConfig.users.users.leyla.home; # homeDirectory = osConfig.users.users.leyla.home;
# This value determines the Home Manager release that your configuration is # This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release # compatible with. This helps avoid breakage when a new Home Manager release

6
homes/leyla/firefox.nix
View file

@ -5,11 +5,9 @@
pkgs, pkgs,
inputs, inputs,
... ...
}: let }: {
cfg = osConfig.nixos.users.leyla;
in {
programs.firefox = { programs.firefox = {
enable = cfg.isDesktopUser; enable = true;
profiles.leyla = { profiles.leyla = {
settings = { settings = {
"browser.search.defaultenginename" = "Searx"; "browser.search.defaultenginename" = "Searx";

128
homes/leyla/packages.nix
View file

@ -4,7 +4,8 @@
pkgs, pkgs,
... ...
}: let }: let
cfg = osConfig.nixos.users.leyla; cfg = osConfig.host.users.leyla;
hardware = osConfig.host.hardware;
in { in {
imports = [ imports = [
./vscode.nix ./vscode.nix
@ -12,72 +13,69 @@ in {
]; ];
home = { home = {
packages = lib.mkIf (cfg.isDesktopUser || cfg.isTerminalUser) ( packages =
lib.mkMerge [ lib.lists.optionals cfg.isTerminalUser (
( with pkgs; [
# comand line tools
yt-dlp
ffmpeg
imagemagick
]
)
++ (
lib.lists.optionals cfg.isDesktopUser (
with pkgs; [ with pkgs; [
# comand line tools #foss platforms
yt-dlp signal-desktop
ffmpeg bitwarden
imagemagick ungoogled-chromium
libreoffice
inkscape
gimp
krita
freecad
# cura
# kicad-small
makemkv
transmission_4-gtk
onionshare
easytag
# rhythmbox
(lib.mkIf hardware.graphicsAcceleration.enable obs-studio)
# wireshark
# rpi-imager
# fritzing
mfoc
# proprietary platforms
discord
obsidian
steam
(lib.mkIf hardware.graphicsAcceleration.enable davinci-resolve)
anki-bin
# development tools
androidStudioPackages.canary
jetbrains.idea-community
dbeaver-bin
bruno
qFlipper
proxmark3
godot_4-mono
# system tools
protonvpn-gui
openvpn
nextcloud-client
noisetorch
# hardware managment tools
(lib.mkIf hardware.piperMouse.enable piper)
(lib.mkIf hardware.openRGB.enable openrgb)
(lib.mkIf hardware.viaKeyboard.enable via)
] ]
) )
( );
lib.mkIf (!cfg.isTerminalUser) (
with pkgs; [
#foss platforms
signal-desktop
bitwarden
ungoogled-chromium
libreoffice
inkscape
gimp
krita
freecad
# cura
# kicad-small
makemkv
transmission_4-gtk
onionshare
easytag
# rhythmbox
(lib.mkIf cfg.hasGPU obs-studio)
# wireshark
# rpi-imager
# fritzing
mfoc
# proprietary platforms
discord
obsidian
steam
(lib.mkIf cfg.hasGPU davinci-resolve)
anki-bin
# development tools
androidStudioPackages.canary
jetbrains.idea-community
dbeaver-bin
bruno
qFlipper
proxmark3
godot_4-mono
# system tools
protonvpn-gui
openvpn
nextcloud-client
noisetorch
# hardware managment tools
(lib.mkIf osConfig.hardware.piperMouse.enable piper)
(lib.mkIf osConfig.hardware.openRGB.enable openrgb)
(lib.mkIf osConfig.hardware.viaKeyboard.enable via)
]
)
)
]
);
}; };
} }

8
homes/leyla/vscode.nix
View file

@ -4,9 +4,7 @@
pkgs, pkgs,
inputs, inputs,
... ...
}: let }: {
cfg = osConfig.nixos.users.leyla;
in {
nixpkgs = { nixpkgs = {
overlays = [ overlays = [
inputs.nix-vscode-extensions.overlays.default inputs.nix-vscode-extensions.overlays.default
@ -14,7 +12,7 @@ in {
}; };
programs = { programs = {
bash.shellAliases = lib.mkIf cfg.isDesktopUser { bash.shellAliases = {
code = "codium"; code = "codium";
}; };
@ -23,7 +21,7 @@ in {
open-vsx = extensions.open-vsx; open-vsx = extensions.open-vsx;
vscode-marketplace = extensions.vscode-marketplace; vscode-marketplace = extensions.vscode-marketplace;
in { in {
enable = cfg.isDesktopUser; enable = true;
package = pkgs.vscodium; package = pkgs.vscodium;

16
hosts/defiant/configuration.nix
View file

@ -7,11 +7,21 @@
imports = [ imports = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
../../enviroments/server ../../enviroments/server
../../modules/hardware.nix
../../modules/users.nix
]; ];
nixos.users = { nixpkgs.config.allowUnfree = true;
leyla = {
isTerminalUser = true; host = {
users = {
leyla = {
isTerminalUser = true;
isDesktopUser = true;
};
ester.isNormalUser = false;
eve.isNormalUser = false;
}; };
}; };

1
hosts/defiant/hardware-configuration.nix
View file

@ -9,7 +9,6 @@
}: { }: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
../hardware-common.nix
]; ];
security.sudo.extraConfig = "Defaults lecture=never"; security.sudo.extraConfig = "Defaults lecture=never";

15
hosts/hardware-common.nix
View file

@ -1,15 +0,0 @@
{lib, ...}: {
options = {
hardware = {
piperMouse = {
enable = lib.mkEnableOption "host has a piper mouse";
};
viaKeyboard = {
enable = lib.mkEnableOption "host has a via keyboard";
};
openRGB = {
enable = lib.mkEnableOption "host has open rgb hardware";
};
};
};
}

37
hosts/horizon/configuration.nix
View file

@ -3,29 +3,32 @@
inputs.nixos-hardware.nixosModules.framework-11th-gen-intel inputs.nixos-hardware.nixosModules.framework-11th-gen-intel
../../enviroments/client ../../enviroments/client
../../modules/hardware.nix
../../modules/users.nix
]; ];
nixos.users = { nixpkgs.config.allowUnfree = true;
leyla = {
isDesktopUser = true; host = {
}; users = {
ester = { leyla = {
isDesktopUser = true; isDesktopUser = true;
}; isTerminalUser = true;
eve = { };
isDesktopUser = true; ester.isDesktopUser = true;
eve.isDesktopUser = true;
}; };
}; };
# enabled virtualisation for docker # enabled virtualisation for docker
virtualisation.docker = { # virtualisation.docker = {
enable = true; # enable = true;
rootless = { # rootless = {
enable = true; # enable = true;
setSocketVariable = true; # setSocketVariable = true;
}; # };
}; # };
users.extraGroups.docker.members = ["leyla"]; # users.extraGroups.docker.members = ["leyla"];
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; # services.xserver.libinput.enable = true;

1
hosts/horizon/hardware-configuration.nix
View file

@ -10,7 +10,6 @@
}: { }: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
../hardware-common.nix
]; ];
boot = { boot = {

25
hosts/twilight/configuration.nix
View file

@ -1,17 +1,24 @@
{pkgs, ...}: { {pkgs, ...}: {
imports = [ imports = [
../../enviroments/client ../../enviroments/client
../../modules/hardware.nix
../../modules/users.nix
]; ];
nixos.users = {
leyla = { nixpkgs.config.allowUnfree = true;
isDesktopUser = true;
hasGPU = true; host = {
users = {
leyla.isDesktopUser = true;
ester.isDesktopUser = true;
eve.isDesktopUser = true;
}; };
ester = { hardware = {
isDesktopUser = true; piperMouse.enable = true;
}; viaKeyboard.enable = true;
eve = { openRGB.enable = true;
isDesktopUser = true; graphicsAcceleration.enable = true;
}; };
}; };

5
hosts/twilight/hardware-configuration.nix
View file

@ -10,7 +10,6 @@
}: { }: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
../hardware-common.nix
]; ];
boot = { boot = {
@ -81,10 +80,6 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = { hardware = {
piperMouse.enable = true;
viaKeyboard.enable = true;
openRGB.enable = true;
# Enable OpenGL # Enable OpenGL
graphics.enable = true; graphics.enable = true;

16
modules/hardware.nix Normal file
View file

@ -0,0 +1,16 @@
{lib, ...}: {
options.host.hardware = {
piperMouse = {
enable = lib.mkEnableOption "host has a piper mouse";
};
viaKeyboard = {
enable = lib.mkEnableOption "host has a via keyboard";
};
openRGB = {
enable = lib.mkEnableOption "host has open rgb hardware";
};
graphicsAcceleration = {
enable = lib.mkEnableOption "host has a gpu for graphical acceleration";
};
};
}

249
modules/users.nix Normal file
View file

@ -0,0 +1,249 @@
{
lib,
config,
inputs,
...
}: let
uids = {
leyla = 1000;
ester = 1001;
eve = 1002;
jellyfin = 2000;
forgejo = 2002;
pihole = 2003;
hass = 2004;
headscale = 2005;
nextcloud = 2006;
};
gids = {
leyla = 1000;
ester = 1001;
eve = 1002;
users = 100;
jellyfin_media = 2001;
jellyfin = 2000;
forgejo = 2002;
pihole = 2003;
hass = 2004;
headscale = 2005;
nextcloud = 2006;
};
users = config.users.users;
leyla = users.leyla.name;
ester = users.ester.name;
eve = users.eve.name;
in {
options.host.users = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({config, ...}: {
options = {
isDesktopUser = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
User should install their desktop applications
'';
defaultText = lib.literalExpression "config.host.users.\${name}.isDesktopUser";
};
isTerminalUser = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
User should install their terminal applications
'';
defaultText = lib.literalExpression "config.host.users.\${name}.isTerminalUser";
};
isNormalUser = lib.mkOption {
type = lib.types.bool;
default = config.isDesktopUser || config.isTerminalUser;
description = ''
User should install their applications
'';
defaultText = lib.literalExpression "config.host.users.\${name}.isNormalUser";
};
};
}));
};
config = {
# set up user passwords
sops.secrets = {
"passwords/leyla" = {
neededForUsers = true;
sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
"passwords/ester" = {
neededForUsers = true;
sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
"passwords/eve" = {
neededForUsers = true;
sopsFile = "${inputs.secrets}/user-passwords.yaml";
};
};
users = {
mutableUsers = false;
users = {
leyla = {
uid = lib.mkForce uids.leyla;
description = "Leyla";
extraGroups =
(lib.lists.optionals config.host.users.leyla.isNormalUser ["networkmanager" "wheel" "dialout"])
++ (lib.lists.optionals config.host.users.leyla.isDesktopUser ["adbusers"]);
hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
isNormalUser = config.host.users.leyla.isNormalUser;
isSystemUser = !config.host.users.leyla.isNormalUser;
group = config.users.users.leyla.name;
};
ester = {
uid = lib.mkForce uids.ester;
description = "Ester";
extraGroups = lib.optionals config.host.users.ester.isNormalUser ["networkmanager"];
hashedPasswordFile = config.sops.secrets."passwords/ester".path;
isNormalUser = config.host.users.ester.isNormalUser;
isSystemUser = !config.host.users.ester.isNormalUser;
group = config.users.users.ester.name;
};
eve = {
uid = lib.mkForce uids.eve;
description = "Eve";
extraGroups = lib.optionals config.host.users.eve.isNormalUser ["networkmanager"];
hashedPasswordFile = config.sops.secrets."passwords/eve".path;
isNormalUser = config.host.users.eve.isNormalUser;
isSystemUser = !config.host.users.eve.isNormalUser;
group = config.users.users.eve.name;
};
jellyfin = {
uid = lib.mkForce uids.jellyfin;
isSystemUser = true;
group = config.users.users.jellyfin.name;
};
forgejo = {
uid = lib.mkForce uids.forgejo;
isSystemUser = true;
group = config.users.users.forgejo.name;
};
pihole = {
uid = lib.mkForce uids.pihole;
isSystemUser = true;
group = config.users.users.pihole.name;
};
hass = {
uid = lib.mkForce uids.hass;
isSystemUser = true;
group = config.users.users.hass.name;
};
headscale = {
uid = lib.mkForce uids.headscale;
isSystemUser = true;
group = config.users.users.headscale.name;
};
nextcloud = {
uid = lib.mkForce uids.nextcloud;
isSystemUser = true;
group = config.users.users.nextcloud.name;
};
};
groups = {
leyla = {
gid = lib.mkForce gids.leyla;
members = [
leyla
];
};
ester = {
gid = lib.mkForce gids.ester;
members = [
ester
];
};
eve = {
gid = lib.mkForce gids.eve;
members = [
eve
];
};
users = {
gid = lib.mkForce gids.users;
members = [
leyla
ester
eve
];
};
jellyfin_media = {
gid = lib.mkForce gids.jellyfin_media;
members = [
users.jellyfin.name
leyla
ester
eve
];
};
jellyfin = {
gid = lib.mkForce gids.jellyfin;
members = [
users.jellyfin.name
# leyla
];
};
forgejo = {
gid = lib.mkForce gids.forgejo;
members = [
users.forgejo.name
# leyla
];
};
pihole = {
gid = lib.mkForce gids.pihole;
members = [
users.pihole.name
# leyla
];
};
hass = {
gid = lib.mkForce gids.hass;
members = [
users.hass.name
# leyla
];
};
headscale = {
gid = lib.mkForce gids.headscale;
members = [
users.headscale.name
# leyla
];
};
nextcloud = {
gid = lib.mkForce gids.nextcloud;
members = [
users.nextcloud.name
# leyla
];
};
};
};
};
}

4
util/default.nix
View file

@ -17,12 +17,12 @@
forEachSystem = nixpkgs.lib.genAttrs systems; forEachSystem = nixpkgs.lib.genAttrs systems;
pkgsFor = system: nixpkgs.legacyPackages.${system}; pkgsFor = system: nixpkgs.legacyPackages.${system};
home-manager-config = { home-manager-config = nixpkgs: {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup"; home-manager.backupFileExtension = "backup";
home-manager.extraSpecialArgs = {inherit inputs;}; home-manager.extraSpecialArgs = {inherit inputs;};
home-manager.users = import ../homes; home-manager.users = import ../homes nixpkgs;
}; };
in { in {
forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system)); forEachPkgs = lambda: forEachSystem (system: lambda (pkgsFor system));