nix/lib/modules/nixos/default-module.nix

{
  sops-nix,
  disko,
  slippi,
  self,
  ...
}:
{
  home-manager,
  modulesPath,
  lib,
  config,
  pkgs,
  ...
}:
{
  imports = with self.outputs.nixosModules; [
    (modulesPath + "/installer/scan/not-detected.nix")
    home-manager.nixosModules.home-manager
    sops-nix.nixosModules.sops
    disko.nixosModules.disko
    slippi.nixosModules.default
    deno-netlify-ddns-client
    shell-defaults-and-applications
    desktop
    gnome
    wifi
    printing
    podman
    virtual-machines
    postgres
    gaming
    restic
  ];

  options = {
    family-account = {
      enable = lib.mkEnableOption "Enable a user account for family members";
    };
  };

  config =
    {
      lyte.shell.enable = lib.mkDefault true;
      nixpkgs = {
        config.allowUnfree = lib.mkDefault true;
        overlays = [ self.flakeLib.forSelfOverlay ];
      };
      nix = {
        nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
        # registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;

        settings = {
          trusted-users = lib.mkDefault [ "@wheel" ];
          extra-experimental-features = lib.mkDefault [
            "nix-command"
            "flakes"
          ];
          auto-optimise-store = lib.mkDefault true;
        };
      };

      sops = {
        age = {
          sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
          keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";
          generateKey = lib.mkDefault true;
        };
      };

      # TODO: for each non-system user on the machine?
      home-manager = {
        useGlobalPkgs = lib.mkDefault true;
        useUserPackages = lib.mkDefault true;
        backupFileExtension = lib.mkDefault "hm-backup";
      };

      systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?
      boot.tmp.cleanOnBoot = lib.mkDefault true;
      programs.gnupg.agent.enable = lib.mkDefault true;
      time.timeZone = lib.mkDefault "America/Chicago";
      i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
      hardware.enableRedistributableFirmware = lib.mkDefault true;

      users.users.root = {
        openssh.authorizedKeys.keys = lib.mkDefault [ self.outputs.pubkey ];
        shell = lib.mkIf config.lyte.shell.enable pkgs.fish;
      };

      services = {
        openssh = {
          enable = lib.mkDefault true;

          settings = {
            PasswordAuthentication = lib.mkDefault false;
            KbdInteractiveAuthentication = lib.mkDefault false;
            PermitRootLogin = lib.mkForce "prohibit-password";
          };

          openFirewall = lib.mkDefault true;

          /*
            listenAddresses = [
              { addr = "0.0.0.0"; port = 22; }
            ];
          */
        };
        avahi = {
          enable = lib.mkDefault true;
          reflector = lib.mkDefault true;
          openFirewall = lib.mkDefault true;
          nssmdns4 = lib.mkDefault true;
        };
        tailscale = {
          enable = lib.mkDefault true;
          useRoutingFeatures = lib.mkDefault "client";
        };
        journald.extraConfig = lib.mkDefault "SystemMaxUse=1G";
        xserver.xkb = {
          layout = lib.mkDefault "us";

          # have the caps-lock key instead be a ctrl key
          options = lib.mkDefault "ctrl:nocaps";
        };
        smartd.enable = lib.mkDefault true;
        fwupd.enable = lib.mkDefault true;
      };

      console = {
        useXkbConfig = lib.mkDefault true;
        earlySetup = lib.mkDefault true;

        colors =
          with self.outputs.style.colors;
          lib.mkDefault [
            bg
            red
            green
            orange
            blue
            purple
            yellow
            fg3
            fgdim
            red
            green
            orange
            blue
            purple
            yellow
            fg
          ];
      };

      networking = {
        hostName = lib.mkDefault "set-a-hostname-dingus";

        useDHCP = lib.mkDefault true;
        firewall = {
          enable = lib.mkDefault true;
          allowPing = lib.mkDefault true;
        };
      };

      users.groups.daniel = { };
      users.users.daniel = {
        isNormalUser = true;
        home = "/home/daniel/.home";
        description = "Daniel Flanagan";
        createHome = true;
        openssh.authorizedKeys.keys = [ self.outputs.pubkey ];
        group = "daniel";
        shell = lib.mkIf config.lyte.shell.enable pkgs.fish;
        extraGroups = [
          "users"
          "wheel"
          "video"
          "dialout"
          "uucp"
          "kvm"
        ];
        packages = [ ];
      };
      home-manager.users.daniel = {
        home.stateVersion = lib.mkDefault config.system.stateVersion;
        imports = with self.outputs.homeManagerModules; [
          default
        ];
      };
    }
    // lib.mkIf config.family-account.enable {

      users.groups.flanfam = { };
      users.users.flanfam = {
        isNormalUser = true;
        home = "/home/flanfam";
        description = "Flanagan Family";
        createHome = true;
        openssh.authorizedKeys.keys = [ self.outputs.pubkey ];
        group = "flanfam";
        shell = lib.mkIf config.lyte.shell.enable pkgs.fish;
        extraGroups = [
          "users"
          "video"
        ];
        packages = [ ];
      };
      home-manager.users.flanfam = {
        home.stateVersion = lib.mkDefault config.system.stateVersion;
        imports = with self.outputs.homeManagerModules; [
          default
        ];
      };
    };
}
dragon check passes 2025-02-16 10:43:53 -06:00			`{`
			`sops-nix,`
			`disko,`
			`slippi,`
			`self,`
			`...`
			`}:`
			`{`
			`home-manager,`
			`modulesPath,`
			`lib,`
			`config,`
chore: wip 2025-02-16 22:10:07 -06:00			`pkgs,`
dragon check passes 2025-02-16 10:43:53 -06:00			`...`
			`}:`
			`{`
			`imports = with self.outputs.nixosModules; [`
			`(modulesPath + "/installer/scan/not-detected.nix")`
I might be getting closer 2025-02-16 11:17:59 -06:00			`home-manager.nixosModules.home-manager`
dragon check passes 2025-02-16 10:43:53 -06:00			`sops-nix.nixosModules.sops`
			`disko.nixosModules.disko`
			`slippi.nixosModules.default`
I might be getting closer 2025-02-16 11:17:59 -06:00			`deno-netlify-ddns-client`
			`shell-defaults-and-applications`
			`desktop`
			`gnome`
			`wifi`
			`printing`
			`podman`
			`virtual-machines`
			`postgres`
			`gaming`
chore: migrate beefcake and htpc, fix steam 2025-02-16 23:53:40 -06:00			`restic`
dragon check passes 2025-02-16 10:43:53 -06:00			`];`

feat: add family account configuration 2025-02-17 16:09:06 -06:00			`options = {`
			`family-account = {`
			`enable = lib.mkEnableOption "Enable a user account for family members";`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`};`

			`config =`
			`{`
			`lyte.shell.enable = lib.mkDefault true;`
			`nixpkgs = {`
			`config.allowUnfree = lib.mkDefault true;`
			`overlays = [ self.flakeLib.forSelfOverlay ];`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`nix = {`
			`nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;`
			`# registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`settings = {`
			`trusted-users = lib.mkDefault [ "@wheel" ];`
			`extra-experimental-features = lib.mkDefault [`
			`"nix-command"`
			`"flakes"`
			`];`
			`auto-optimise-store = lib.mkDefault true;`
			`};`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`

feat: add family account configuration 2025-02-17 16:09:06 -06:00			`sops = {`
			`age = {`
			`sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];`
			`keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";`
			`generateKey = lib.mkDefault true;`
			`};`
			`};`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`# TODO: for each non-system user on the machine?`
			`home-manager = {`
			`useGlobalPkgs = lib.mkDefault true;`
			`useUserPackages = lib.mkDefault true;`
			`backupFileExtension = lib.mkDefault "hm-backup";`
			`};`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?`
			`boot.tmp.cleanOnBoot = lib.mkDefault true;`
			`programs.gnupg.agent.enable = lib.mkDefault true;`
			`time.timeZone = lib.mkDefault "America/Chicago";`
			`i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";`
			`hardware.enableRedistributableFirmware = lib.mkDefault true;`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`users.users.root = {`
			`openssh.authorizedKeys.keys = lib.mkDefault [ self.outputs.pubkey ];`
			`shell = lib.mkIf config.lyte.shell.enable pkgs.fish;`
			`};`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`services = {`
			`openssh = {`
			`enable = lib.mkDefault true;`

			`settings = {`
			`PasswordAuthentication = lib.mkDefault false;`
			`KbdInteractiveAuthentication = lib.mkDefault false;`
			`PermitRootLogin = lib.mkForce "prohibit-password";`
			`};`

			`openFirewall = lib.mkDefault true;`

			`/*`
			`listenAddresses = [`
			`{ addr = "0.0.0.0"; port = 22; }`
			`];`
			`*/`
			`};`
			`avahi = {`
			`enable = lib.mkDefault true;`
			`reflector = lib.mkDefault true;`
			`openFirewall = lib.mkDefault true;`
			`nssmdns4 = lib.mkDefault true;`
			`};`
			`tailscale = {`
			`enable = lib.mkDefault true;`
			`useRoutingFeatures = lib.mkDefault "client";`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`journald.extraConfig = lib.mkDefault "SystemMaxUse=1G";`
			`xserver.xkb = {`
			`layout = lib.mkDefault "us";`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`# have the caps-lock key instead be a ctrl key`
			`options = lib.mkDefault "ctrl:nocaps";`
			`};`
			`smartd.enable = lib.mkDefault true;`
			`fwupd.enable = lib.mkDefault true;`
			`};`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`console = {`
			`useXkbConfig = lib.mkDefault true;`
			`earlySetup = lib.mkDefault true;`

			`colors =`
			`with self.outputs.style.colors;`
			`lib.mkDefault [`
			`bg`
			`red`
			`green`
			`orange`
			`blue`
			`purple`
			`yellow`
			`fg3`
			`fgdim`
			`red`
			`green`
			`orange`
			`blue`
			`purple`
			`yellow`
			`fg`
dragon check passes 2025-02-16 10:43:53 -06:00			`];`
			`};`

feat: add family account configuration 2025-02-17 16:09:06 -06:00			`networking = {`
			`hostName = lib.mkDefault "set-a-hostname-dingus";`

			`useDHCP = lib.mkDefault true;`
			`firewall = {`
			`enable = lib.mkDefault true;`
			`allowPing = lib.mkDefault true;`
			`};`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`

feat: add family account configuration 2025-02-17 16:09:06 -06:00			`users.groups.daniel = { };`
			`users.users.daniel = {`
			`isNormalUser = true;`
			`home = "/home/daniel/.home";`
			`description = "Daniel Flanagan";`
			`createHome = true;`
			`openssh.authorizedKeys.keys = [ self.outputs.pubkey ];`
			`group = "daniel";`
			`shell = lib.mkIf config.lyte.shell.enable pkgs.fish;`
			`extraGroups = [`
			`"users"`
			`"wheel"`
			`"video"`
			`"dialout"`
			`"uucp"`
			`"kvm"`
			`];`
			`packages = [ ];`
			`};`
			`home-manager.users.daniel = {`
			`home.stateVersion = lib.mkDefault config.system.stateVersion;`
			`imports = with self.outputs.homeManagerModules; [`
			`default`
			`];`
			`};`
			`}`
			`// lib.mkIf config.family-account.enable {`

			`users.groups.flanfam = { };`
			`users.users.flanfam = {`
			`isNormalUser = true;`
			`home = "/home/flanfam";`
			`description = "Flanagan Family";`
			`createHome = true;`
			`openssh.authorizedKeys.keys = [ self.outputs.pubkey ];`
			`group = "flanfam";`
			`shell = lib.mkIf config.lyte.shell.enable pkgs.fish;`
			`extraGroups = [`
			`"users"`
			`"video"`
			`];`
			`packages = [ ];`
			`};`
			`home-manager.users.flanfam = {`
			`home.stateVersion = lib.mkDefault config.system.stateVersion;`
			`imports = with self.outputs.homeManagerModules; [`
			`default`
dragon check passes 2025-02-16 10:43:53 -06:00			`];`
			`};`
			`};`
			`}`