From aef828b713cee71cdfb3f024e8fd7269be3f532e Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Sun, 6 Jul 2025 23:33:36 +0800
Subject: [PATCH] feat(nixos): add owner config to manifest and users module
---
nix/manifest.nix | 82 ++++++++++++++++++++-----------------
nix/modules/nixos/users.nix | 28 +++++++++++++
2 files changed, 73 insertions(+), 37 deletions(-)
create mode 100644 nix/modules/nixos/users.nix
diff --git a/nix/manifest.nix b/nix/manifest.nix
index 6ce52fc..f8cd607 100644
--- a/nix/manifest.nix
+++ b/nix/manifest.nix
@@ -8,45 +8,53 @@ let
 };
 in
 {
- flake.manifest.hosts = {
- "nixos/test".extraCfg = testCfg;
- "nixos/nemesis" = {
- machine = {
- platform = "amd";
- gpu = "nvidia";
- root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
- monitors = [
- {
- id = "desc:OOO AN-270W04K";
- scale = "2";
- resolution = "3840x2160";
- refresh-rate = "60";
- }
- ];
- };
- # profiles = with config.flake.profiles.nixos; [
- # graphical
- # development
- # ];
- # extraModules = with config.flakes.modules.nixos; [
- # sunshine
- # sd-webui-forge
- # comfy-ui
- # ];
- extraCfg = testCfg;
+ flake.manifest = {
+ owner = {
+ username = "rafiq";
+ email = "rafiq@rrv.sh";
+ shell = "fish";
+ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq";
 };
- "nixos/apollo" = {
- machine = {
- platform = "intel";
- root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
+ hosts = {
+ "nixos/test".extraCfg = testCfg;
+ "nixos/nemesis" = {
+ machine = {
+ platform = "amd";
+ gpu = "nvidia";
+ root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
+ monitors = [
+ {
+ id = "desc:OOO AN-270W04K";
+ scale = "2";
+ resolution = "3840x2160";
+ refresh-rate = "60";
+ }
+ ];
+ };
+ # profiles = with config.flake.profiles.nixos; [
+ # graphical
+ # development
+ # ];
+ # extraModules = with config.flakes.modules.nixos; [
+ # sunshine
+ # sd-webui-forge
+ # comfy-ui
+ # ];
+ extraCfg = testCfg;
+ };
+ "nixos/apollo" = {
+ machine = {
+ platform = "intel";
+ root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
+ };
+ # profiles = with config.flake.profiles.nixos; [ headless ];
+ # extraModules = with config.flakes.modules.nixos; [
+ # librechat
+ # forgejo
+ # rrv-sh
+ # ];
+ extraCfg = testCfg;
 };
- # profiles = with config.flake.profiles.nixos; [ headless ];
- # extraModules = with config.flakes.modules.nixos; [
- # librechat
- # forgejo
- # rrv-sh
- # ];
- extraCfg = testCfg;
 };
 };
 }
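Review bot: `shell = "fish";` in the new `owner` block is consumed elsewhere as a bare attribute name (users.nix does `programs.${owner.shell}.enable` and `pkgs.${owner.shell}`), so a typo here surfaces as an "attribute missing" evaluation error far from this line rather than as a clear option-type error; if the `flake.manifest.owner` option declaration (not in this diff) is freeform, consider constraining `shell` with `types.enum` there. The rest of the hunk is a re-indent of `hosts` under `flake.manifest` with no content change. A short comment above `owner` noting that `pubkey` is the public half of the key and is presumably installed on every host for both root and the owner account would help a reader of the manifest, e.g. `# owner: identity applied to every host; pubkey is authorized for root and ${username}`.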
diff --git a/nix/modules/nixos/users.nix b/nix/modules/nixos/users.nix
new file mode 100644
index 0000000..a2790f7
--- /dev/null
+++ b/nix/modules/nixos/users.nix
@@ -0,0 +1,28 @@
+{ config, ... }:
+let
+ inherit (config.flake.manifest) owner;
+in
+{
+ flake.modules.nixos.default =
+ { pkgs, ... }:
+ {
+ #TODO: move sudo/security options elsewhere
+ security.sudo.wheelNeedsPassword = false;
+ nix.settings.trusted-users = [ "@wheel" ];
+ #TODO: move to shell config
+ programs.${owner.shell}.enable = true;
+ #TODO: move ssh key settings elsewhere
+ users = {
+ mutableUsers = false;
+ groups.users.gid = 100;
+ users.root.openssh.authorizedKeys.keys = [ owner.pubkey ];
+ users.${owner.username} = {
+ isNormalUser = true;
+ # hashedPasswordFile
+ extraGroups = [ "wheel" ];
+ shell = pkgs.${owner.shell};
+ openssh.authorizedKeys.keys = [ owner.pubkey ];
+ };
+ };
+ };
+}
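Review bot: `security.sudo.wheelNeedsPassword = false;` together with `users.root.openssh.authorizedKeys.keys = [ owner.pubkey ];` gives the single manifest key root in two ways — password-less sudo from the owner account and direct root SSH — and `nix.settings.trusted-users = [ "@wheel" ];` is a third, since the Nix manual treats trusted users as root-equivalent. With `mutableUsers = false;` and `hashedPasswordFile` left commented out, the owner account has no password at all, so password-less sudo is the only way it can escalate; that is a defensible choice, but the root authorized key is then redundant and doubles the blast radius of a leaked key. Consider dropping the `users.root.openssh.authorizedKeys.keys` line and setting `services.openssh.settings.PermitRootLogin = "no";` so escalation stays on one audited path (sudo). The TODOs already mark this block for relocation; until then a comment stating the intended trust model, `# owner has no password: key-only login, root via password-less sudo`, would make the choice explicit for the next reader.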