nix/lib/modules/nixos/default-module.nix

{
  sops-nix,
  disko,
  slippi,
  self,
  ...
}:
{
  home-manager,
  modulesPath,
  lib,
  config,
  pkgs,
  ...
}:
{
  imports = with self.outputs.nixosModules; [
    (modulesPath + "/installer/scan/not-detected.nix")
    home-manager.nixosModules.home-manager
    sops-nix.nixosModules.sops
    disko.nixosModules.disko
    slippi.nixosModules.default
    deno-netlify-ddns-client
    shell-defaults-and-applications
    desktop
    gnome
    wifi
    printing
    podman
    virtual-machines
    postgres
    gaming
    restic
    (
      { config, ... }:
      lib.mkIf config.family-account.enable {
        users.groups.flanfam = { };
        users.users.flanfam = {
          isNormalUser = true;
          home = "/home/flanfam";
          description = "Flanagan Family";
          createHome = true;
          openssh.authorizedKeys.keys = [ self.outputs.pubkey ];
          group = "flanfam";
          shell = lib.mkIf config.lyte.shell.enable pkgs.fish;
          extraGroups = [
            "users"
            "power"
            "video"
          ];
        };
        home-manager.users.flanfam = {
          # TODO: .face
          accounts.email.accounts.primary = {
            primary = true;
            address = "home@lyte.dev";
          };
          home = {
            username = "flanfam";
            homeDirectory = "/home/flanfam";
            stateVersion = lib.mkDefault config.system.stateVersion;
            file.".face" = {
              enable = config.home-manager.users.daniel.lyte.desktop.enable;
              source = builtins.fetchurl {
                url = "https://lyte.dev/icon.png";
                sha256 = "sha256:0nf22gwasc64yc5317d0k0api0fwyrf4g3wxljdi2p3ki079ky53";
              };
            };
          };
          imports = with self.outputs.homeManagerModules; [
            {
              _module.args.fullName = config.users.users.flanfam.description;
            }
            default
          ];
        };
      }
    )
  ];

  options = {
    family-account = {
      enable = lib.mkEnableOption "Enable a user account for family members";
    };
  };

  config = {
    system.configurationRevision = toString (
      self.shortRev or self.dirtyShortRev or self.lastModified or "unknown"
    );
    environment.etc = {
      "lytedev/rev".text = config.system.configurationRevision;
      "lytedev/lastModified".text = toString (self.lastModified or "unknown");
    };

    lyte.shell.enable = lib.mkDefault true;
    nixpkgs = {
      config.allowUnfree = lib.mkDefault true;
      overlays = [ self.flakeLib.forSelfOverlay ];
    };
    nix = {
      nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
      # registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;

      settings = {
        trusted-users = lib.mkDefault [ "@wheel" ];
        extra-experimental-features = lib.mkDefault [
          "nix-command"
          "flakes"
        ];
        auto-optimise-store = lib.mkDefault true;
      };
    };

    sops = {
      age = {
        sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];
        keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";
        generateKey = lib.mkDefault true;
      };
    };

    # TODO: for each non-system user on the machine?
    home-manager = {
      useGlobalPkgs = lib.mkDefault true;
      useUserPackages = lib.mkDefault true;
      backupFileExtension = lib.mkDefault "hm-backup";
    };

    systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?
    boot.tmp.cleanOnBoot = lib.mkDefault true;
    programs.gnupg.agent.enable = lib.mkDefault true;
    time.timeZone = lib.mkDefault "America/Chicago";
    i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
    hardware.enableRedistributableFirmware = lib.mkDefault true;

    users.users.root = {
      openssh.authorizedKeys.keys = lib.mkDefault [ self.outputs.pubkey ];
      shell = lib.mkIf config.lyte.shell.enable pkgs.fish;
    };

    services = {
      openssh = {
        enable = lib.mkDefault true;

        settings = {
          PasswordAuthentication = lib.mkDefault false;
          KbdInteractiveAuthentication = lib.mkDefault false;
          PermitRootLogin = lib.mkForce "prohibit-password";
        };

        openFirewall = lib.mkDefault true;

        /*
          listenAddresses = [
            { addr = "0.0.0.0"; port = 22; }
          ];
        */
      };
      avahi = {
        enable = lib.mkDefault true;
        reflector = lib.mkDefault true;
        openFirewall = lib.mkDefault true;
        nssmdns4 = lib.mkDefault true;
      };
      tailscale = {
        enable = lib.mkDefault true;
        useRoutingFeatures = lib.mkDefault "client";
      };
      journald.extraConfig = lib.mkDefault "SystemMaxUse=1G";
      xserver.xkb = {
        layout = lib.mkDefault "us";

        # have the caps-lock key instead be a ctrl key
        options = lib.mkDefault "ctrl:nocaps";
      };
      smartd.enable = lib.mkDefault true;
      fwupd.enable = lib.mkDefault true;
    };

    console = {
      useXkbConfig = lib.mkDefault true;
      earlySetup = lib.mkDefault true;

      colors =
        with self.outputs.style.colors;
        lib.mkDefault [
          bg
          red
          green
          orange
          blue
          purple
          yellow
          fg3
          fgdim
          red
          green
          orange
          blue
          purple
          yellow
          fg
        ];
    };

    networking = {
      hostName = lib.mkDefault "set-a-hostname-dingus";

      useDHCP = lib.mkDefault true;
      firewall = {
        enable = lib.mkDefault true;
        allowPing = lib.mkDefault true;
      };
    };

    users.groups.daniel = { };
    users.users.daniel = {
      isNormalUser = true;
      home = "/home/daniel/.home";
      # TODO: chown /home/daniel
      description = "Daniel Flanagan";
      createHome = true;
      openssh.authorizedKeys.keys = [ self.outputs.pubkey ];
      group = "daniel";
      shell = lib.mkIf config.lyte.shell.enable pkgs.fish;
      extraGroups = [
        "users"
        "wheel"
        "video"
        "dialout"
        "uucp"
        "power"
        "kvm"
      ];
      packages = [ ];
    };
    home-manager.users.daniel = {
      home = {
        stateVersion = lib.mkDefault config.system.stateVersion;
        file.".face" = {
          enable = config.home-manager.users.daniel.lyte.desktop.enable;
          source = builtins.fetchurl {
            url = "https://lyte.dev/img/avatar3-square-512.png";
            sha256 = "sha256:15zwbwisrc01m7ad684rsyq19wl4s33ry9xmgzmi88k1myxhs93x";
          };
        };
      };
      imports = with self.outputs.homeManagerModules; [
        {
          _module.args.fullName = config.users.users.daniel.description;
        }
        default
        daniel
      ];
    };
  };
}
dragon check passes 2025-02-16 10:43:53 -06:00			`{`
			`sops-nix,`
			`disko,`
			`slippi,`
			`self,`
			`...`
			`}:`
			`{`
			`home-manager,`
			`modulesPath,`
			`lib,`
			`config,`
chore: wip 2025-02-16 22:10:07 -06:00			`pkgs,`
dragon check passes 2025-02-16 10:43:53 -06:00			`...`
			`}:`
			`{`
			`imports = with self.outputs.nixosModules; [`
			`(modulesPath + "/installer/scan/not-detected.nix")`
I might be getting closer 2025-02-16 11:17:59 -06:00			`home-manager.nixosModules.home-manager`
dragon check passes 2025-02-16 10:43:53 -06:00			`sops-nix.nixosModules.sops`
			`disko.nixosModules.disko`
			`slippi.nixosModules.default`
I might be getting closer 2025-02-16 11:17:59 -06:00			`deno-netlify-ddns-client`
			`shell-defaults-and-applications`
			`desktop`
			`gnome`
			`wifi`
			`printing`
			`podman`
			`virtual-machines`
			`postgres`
			`gaming`
chore: migrate beefcake and htpc, fix steam 2025-02-16 23:53:40 -06:00			`restic`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`(`
			`{ config, ... }:`
			`lib.mkIf config.family-account.enable {`
			`users.groups.flanfam = { };`
			`users.users.flanfam = {`
			`isNormalUser = true;`
			`home = "/home/flanfam";`
			`description = "Flanagan Family";`
			`createHome = true;`
			`openssh.authorizedKeys.keys = [ self.outputs.pubkey ];`
			`group = "flanfam";`
			`shell = lib.mkIf config.lyte.shell.enable pkgs.fish;`
			`extraGroups = [`
			`"users"`
fix: no power options when locked 2025-02-18 11:55:54 -06:00			`"power"`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`"video"`
			`];`
			`};`
			`home-manager.users.flanfam = {`
			`# TODO: .face`
			`accounts.email.accounts.primary = {`
			`primary = true;`
			`address = "home@lyte.dev";`
			`};`
			`home = {`
			`username = "flanfam";`
			`homeDirectory = "/home/flanfam";`
			`stateVersion = lib.mkDefault config.system.stateVersion;`
			`file.".face" = {`
			`enable = config.home-manager.users.daniel.lyte.desktop.enable;`
			`source = builtins.fetchurl {`
			`url = "https://lyte.dev/icon.png";`
			`sha256 = "sha256:0nf22gwasc64yc5317d0k0api0fwyrf4g3wxljdi2p3ki079ky53";`
			`};`
			`};`
			`};`
			`imports = with self.outputs.homeManagerModules; [`
			`{`
			`_module.args.fullName = config.users.users.flanfam.description;`
			`}`
			`default`
			`];`
			`};`
			`}`
			`)`
dragon check passes 2025-02-16 10:43:53 -06:00			`];`

feat: add family account configuration 2025-02-17 16:09:06 -06:00			`options = {`
			`family-account = {`
			`enable = lib.mkEnableOption "Enable a user account for family members";`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`};`

feat: add family account configuration 2025-02-18 11:15:48 -06:00			`config = {`
feat: allow dirty revisions 2025-02-18 11:28:52 -06:00			`system.configurationRevision = toString (`
			`self.shortRev or self.dirtyShortRev or self.lastModified or "unknown"`
			`);`
feat: bake flake version information into nixos hosts 2025-02-18 11:26:49 -06:00			`environment.etc = {`
			`"lytedev/rev".text = config.system.configurationRevision;`
fix: cast lastModified to string 2025-02-18 11:32:21 -06:00			`"lytedev/lastModified".text = toString (self.lastModified or "unknown");`
feat: bake flake version information into nixos hosts 2025-02-18 11:26:49 -06:00			`};`

feat: add family account configuration 2025-02-18 11:15:48 -06:00			`lyte.shell.enable = lib.mkDefault true;`
			`nixpkgs = {`
			`config.allowUnfree = lib.mkDefault true;`
			`overlays = [ self.flakeLib.forSelfOverlay ];`
			`};`
			`nix = {`
			`nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;`
			`# registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs;`

			`settings = {`
			`trusted-users = lib.mkDefault [ "@wheel" ];`
			`extra-experimental-features = lib.mkDefault [`
			`"nix-command"`
			`"flakes"`
			`];`
			`auto-optimise-store = lib.mkDefault true;`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`};`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`sops = {`
			`age = {`
			`sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ];`
			`keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt";`
			`generateKey = lib.mkDefault true;`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`};`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`# TODO: for each non-system user on the machine?`
			`home-manager = {`
			`useGlobalPkgs = lib.mkDefault true;`
			`useUserPackages = lib.mkDefault true;`
			`backupFileExtension = lib.mkDefault "hm-backup";`
			`};`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again?`
			`boot.tmp.cleanOnBoot = lib.mkDefault true;`
			`programs.gnupg.agent.enable = lib.mkDefault true;`
			`time.timeZone = lib.mkDefault "America/Chicago";`
			`i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";`
			`hardware.enableRedistributableFirmware = lib.mkDefault true;`
feat: add family account configuration 2025-02-17 16:09:06 -06:00
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`users.users.root = {`
			`openssh.authorizedKeys.keys = lib.mkDefault [ self.outputs.pubkey ];`
			`shell = lib.mkIf config.lyte.shell.enable pkgs.fish;`
			`};`
feat: add family account configuration 2025-02-17 16:09:06 -06:00
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`services = {`
			`openssh = {`
			`enable = lib.mkDefault true;`
feat: add family account configuration 2025-02-17 16:09:06 -06:00
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`settings = {`
			`PasswordAuthentication = lib.mkDefault false;`
			`KbdInteractiveAuthentication = lib.mkDefault false;`
			`PermitRootLogin = lib.mkForce "prohibit-password";`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`

feat: add family account configuration 2025-02-18 11:15:48 -06:00			`openFirewall = lib.mkDefault true;`
dragon check passes 2025-02-16 10:43:53 -06:00
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`/*`
			`listenAddresses = [`
			`{ addr = "0.0.0.0"; port = 22; }`
dragon check passes 2025-02-16 10:43:53 -06:00			`];`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`*/`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`avahi = {`
			`enable = lib.mkDefault true;`
			`reflector = lib.mkDefault true;`
			`openFirewall = lib.mkDefault true;`
			`nssmdns4 = lib.mkDefault true;`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`tailscale = {`
			`enable = lib.mkDefault true;`
			`useRoutingFeatures = lib.mkDefault "client";`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`journald.extraConfig = lib.mkDefault "SystemMaxUse=1G";`
			`xserver.xkb = {`
			`layout = lib.mkDefault "us";`

			`# have the caps-lock key instead be a ctrl key`
			`options = lib.mkDefault "ctrl:nocaps";`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`smartd.enable = lib.mkDefault true;`
			`fwupd.enable = lib.mkDefault true;`
			`};`

			`console = {`
			`useXkbConfig = lib.mkDefault true;`
			`earlySetup = lib.mkDefault true;`

			`colors =`
			`with self.outputs.style.colors;`
			`lib.mkDefault [`
			`bg`
			`red`
			`green`
			`orange`
			`blue`
			`purple`
			`yellow`
			`fg3`
			`fgdim`
			`red`
			`green`
			`orange`
			`blue`
			`purple`
			`yellow`
			`fg`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`];`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`};`

			`networking = {`
			`hostName = lib.mkDefault "set-a-hostname-dingus";`

			`useDHCP = lib.mkDefault true;`
			`firewall = {`
			`enable = lib.mkDefault true;`
			`allowPing = lib.mkDefault true;`
feat: add family account configuration 2025-02-17 16:09:06 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`};`

			`users.groups.daniel = { };`
			`users.users.daniel = {`
			`isNormalUser = true;`
			`home = "/home/daniel/.home";`
			`# TODO: chown /home/daniel`
			`description = "Daniel Flanagan";`
			`createHome = true;`
			`openssh.authorizedKeys.keys = [ self.outputs.pubkey ];`
			`group = "daniel";`
			`shell = lib.mkIf config.lyte.shell.enable pkgs.fish;`
			`extraGroups = [`
			`"users"`
			`"wheel"`
			`"video"`
			`"dialout"`
			`"uucp"`
fix: no power options when locked 2025-02-18 11:55:54 -06:00			`"power"`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`"kvm"`
			`];`
			`packages = [ ];`
			`};`
			`home-manager.users.daniel = {`
			`home = {`
			`stateVersion = lib.mkDefault config.system.stateVersion;`
			`file.".face" = {`
			`enable = config.home-manager.users.daniel.lyte.desktop.enable;`
			`source = builtins.fetchurl {`
			`url = "https://lyte.dev/img/avatar3-square-512.png";`
			`sha256 = "sha256:15zwbwisrc01m7ad684rsyq19wl4s33ry9xmgzmi88k1myxhs93x";`
			`};`
			`};`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`imports = with self.outputs.homeManagerModules; [`
			`{`
			`_module.args.fullName = config.users.users.daniel.description;`
			`}`
			`default`
			`daniel`
			`];`
dragon check passes 2025-02-16 10:43:53 -06:00			`};`
feat: add family account configuration 2025-02-18 11:15:48 -06:00			`};`
dragon check passes 2025-02-16 10:43:53 -06:00			`}`