feat(nixos): add owner config to manifest and users module

2025-07-06 23:33:36 +08:00 · 2025-07-06 23:33:36 +08:00 · aef828b713
commit aef828b713
parent f670889e29
2 changed files with 73 additions and 37 deletions
--- a/nix/manifest.nix
+++ b/nix/manifest.nix
@ -8,45 +8,53 @@ let
  };
 in
 {
-  flake.manifest.hosts = {
+  flake.manifest = {
-    "nixos/test".extraCfg = testCfg;
+    owner = {
-    "nixos/nemesis" = {
+      username = "rafiq";
-      machine = {
+      email = "rafiq@rrv.sh";
-        platform = "amd";
+      shell = "fish";
-        gpu = "nvidia";
+      pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdsZyY3gu8IGB8MzMnLdh+ClDxQQ2RYG9rkeetIKq8n rafiq";
        root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
        monitors = [
          {
            id = "desc:OOO AN-270W04K";
            scale = "2";
            resolution = "3840x2160";
            refresh-rate = "60";
          }
        ];
      };
      # profiles = with config.flake.profiles.nixos; [
      #   graphical
      #   development
      # ];
      # extraModules = with config.flakes.modules.nixos; [
      #   sunshine
      #   sd-webui-forge
      #   comfy-ui
      # ];
      extraCfg = testCfg;
    };
-    "nixos/apollo" = {
+    hosts = {
-      machine = {
+      "nixos/test".extraCfg = testCfg;
-        platform = "intel";
+      "nixos/nemesis" = {
-        root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
+        machine = {
          platform = "amd";
          gpu = "nvidia";
          root.drive = "/dev/disk/by-id/nvme-CT2000P3SSD8_2325E6E77434";
          monitors = [
            {
              id = "desc:OOO AN-270W04K";
              scale = "2";
              resolution = "3840x2160";
              refresh-rate = "60";
            }
          ];
        };
        # profiles = with config.flake.profiles.nixos; [
        #   graphical
        #   development
        # ];
        # extraModules = with config.flakes.modules.nixos; [
        #   sunshine
        #   sd-webui-forge
        #   comfy-ui
        # ];
        extraCfg = testCfg;
      };
      "nixos/apollo" = {
        machine = {
          platform = "intel";
          root.drive = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
        };
        # profiles = with config.flake.profiles.nixos; [ headless ];
        # extraModules = with config.flakes.modules.nixos; [
        #   librechat
        #   forgejo
        #   rrv-sh
        # ];
        extraCfg = testCfg;
      };
      # profiles = with config.flake.profiles.nixos; [ headless ];
      # extraModules = with config.flakes.modules.nixos; [
      #   librechat
      #   forgejo
      #   rrv-sh
      # ];
      extraCfg = testCfg;
    };
  };
 }
--- a/nix/modules/nixos/users.nix
+++ b/nix/modules/nixos/users.nix
@ -0,0 +1,28 @@
 { config, ... }:
 let
  inherit (config.flake.manifest) owner;
 in
 {
  flake.modules.nixos.default =
    { pkgs, ... }:
    {
      #TODO: move sudo/security options elsewhere
      security.sudo.wheelNeedsPassword = false;
      nix.settings.trusted-users = [ "@wheel" ];
      #TODO: move to shell config
      programs.${owner.shell}.enable = true;
      #TODO: move ssh key settings elsewhere
      users = {
        mutableUsers = false;
        groups.users.gid = 100;
        users.root.openssh.authorizedKeys.keys = [ owner.pubkey ];
        users.${owner.username} = {
          isNormalUser = true;
          # hashedPasswordFile
          extraGroups = [ "wheel" ];
          shell = pkgs.${owner.shell};
          openssh.authorizedKeys.keys = [ owner.pubkey ];
        };
      };
    };
 }