From 0b73d173f61b9fcc9004ed56ad1efb5c8e5e1d5a Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Mon, 17 Feb 2025 16:09:06 -0600 Subject: [PATCH] feat: add family account configuration --- lib/modules/nixos/default-module.nix | 323 +++++++++++++++------------ packages/hosts/htpc.nix | 6 + 2 files changed, 183 insertions(+), 146 deletions(-) diff --git a/lib/modules/nixos/default-module.nix b/lib/modules/nixos/default-module.nix index 14ee79b..23b3f81 100644 --- a/lib/modules/nixos/default-module.nix +++ b/lib/modules/nixos/default-module.nix 
@@ -33,152 +33,183 @@ restic ]; - config = { - lyte.shell.enable = lib.mkDefault true; - nixpkgs = { - config.allowUnfree = lib.mkDefault true; - overlays = [ self.flakeLib.forSelfOverlay ]; - }; - nix = { - nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; - # registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs; - - settings = { - trusted-users = lib.mkDefault [ "@wheel" ]; - extra-experimental-features = lib.mkDefault [ - "nix-command" - "flakes" - ]; - auto-optimise-store = lib.mkDefault true; - }; - }; - - sops = { - age = { - sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; - keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt"; - generateKey = lib.mkDefault true; - }; - }; - - # TODO: for each non-system user on the machine? - home-manager = { - useGlobalPkgs = lib.mkDefault true; - useUserPackages = lib.mkDefault true; - backupFileExtension = lib.mkDefault "hm-backup"; - }; - - systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again? 
- boot.tmp.cleanOnBoot = lib.mkDefault true; - programs.gnupg.agent.enable = lib.mkDefault true; - time.timeZone = lib.mkDefault "America/Chicago"; - i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; - hardware.enableRedistributableFirmware = lib.mkDefault true; - - users.users.root = { - openssh.authorizedKeys.keys = lib.mkDefault [ self.outputs.pubkey ]; - shell = lib.mkIf config.lyte.shell.enable pkgs.fish; - }; - - services = { - openssh = { - enable = lib.mkDefault true; - - settings = { - PasswordAuthentication = lib.mkDefault false; - KbdInteractiveAuthentication = lib.mkDefault false; - PermitRootLogin = lib.mkForce "prohibit-password"; - }; - - openFirewall = lib.mkDefault true; - - /* - listenAddresses = [ - { addr = "0.0.0.0"; port = 22; } - ]; - */ - }; - avahi = { - enable = lib.mkDefault true; - reflector = lib.mkDefault true; - openFirewall = lib.mkDefault true; - nssmdns4 = lib.mkDefault true; - }; - tailscale = { - enable = lib.mkDefault true; - useRoutingFeatures = lib.mkDefault "client"; - }; - journald.extraConfig = lib.mkDefault "SystemMaxUse=1G"; - xserver.xkb = { - layout = lib.mkDefault "us"; - - # have the caps-lock key instead be a ctrl key - options = lib.mkDefault "ctrl:nocaps"; - }; - smartd.enable = lib.mkDefault true; - fwupd.enable = lib.mkDefault true; - }; - - console = { - useXkbConfig = lib.mkDefault true; - earlySetup = lib.mkDefault true; - - colors = - with self.outputs.style.colors; - lib.mkDefault [ - bg - red - green - orange - blue - purple - yellow - fg3 - fgdim - red - green - orange - blue - purple - yellow - fg - ]; - }; - - networking = { - hostName = lib.mkDefault "set-a-hostname-dingus"; - - useDHCP = lib.mkDefault true; - firewall = { - enable = lib.mkDefault true; - allowPing = lib.mkDefault true; - }; - }; - - users.groups.daniel = { }; - users.users.daniel = { - isNormalUser = true; - home = "/home/daniel/.home"; - description = "Daniel Flanagan"; - createHome = true; - openssh.authorizedKeys.keys = [ 
self.outputs.pubkey ]; - group = "daniel"; - shell = lib.mkIf config.lyte.shell.enable pkgs.fish; - extraGroups = [ - "users" - "wheel" - "video" - "dialout" - "uucp" - "kvm" - ]; - packages = [ ]; - }; - home-manager.users.daniel = { - home.stateVersion = lib.mkDefault config.system.stateVersion; - imports = with self.outputs.homeManagerModules; [ - default - ]; + options = { + family-account = { + enable = lib.mkEnableOption "Enable a user account for family members"; }; }; + + config = + { + lyte.shell.enable = lib.mkDefault true; + nixpkgs = { + config.allowUnfree = lib.mkDefault true; + overlays = [ self.flakeLib.forSelfOverlay ]; + }; + nix = { + nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; + # registry = lib.mapAttrs (_: value: { flake = value; }) self.inputs; + + settings = { + trusted-users = lib.mkDefault [ "@wheel" ]; + extra-experimental-features = lib.mkDefault [ + "nix-command" + "flakes" + ]; + auto-optimise-store = lib.mkDefault true; + }; + }; + + sops = { + age = { + sshKeyPaths = lib.mkDefault [ "/etc/ssh/ssh_host_ed25519_key" ]; + keyFile = lib.mkDefault "/var/lib/sops-nix/key.txt"; + generateKey = lib.mkDefault true; + }; + }; + + # TODO: for each non-system user on the machine? + home-manager = { + useGlobalPkgs = lib.mkDefault true; + useUserPackages = lib.mkDefault true; + backupFileExtension = lib.mkDefault "hm-backup"; + }; + + systemd.services.nix-daemon.environment.TMPDIR = lib.mkDefault "/var/tmp"; # TODO: why did I do this again? 
+ boot.tmp.cleanOnBoot = lib.mkDefault true; + programs.gnupg.agent.enable = lib.mkDefault true; + time.timeZone = lib.mkDefault "America/Chicago"; + i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; + hardware.enableRedistributableFirmware = lib.mkDefault true; + + users.users.root = { + openssh.authorizedKeys.keys = lib.mkDefault [ self.outputs.pubkey ]; + shell = lib.mkIf config.lyte.shell.enable pkgs.fish; + }; + + services = { + openssh = { + enable = lib.mkDefault true; + + settings = { + PasswordAuthentication = lib.mkDefault false; + KbdInteractiveAuthentication = lib.mkDefault false; + PermitRootLogin = lib.mkForce "prohibit-password"; + }; + + openFirewall = lib.mkDefault true; + + /* + listenAddresses = [ + { addr = "0.0.0.0"; port = 22; } + ]; + */ + }; + avahi = { + enable = lib.mkDefault true; + reflector = lib.mkDefault true; + openFirewall = lib.mkDefault true; + nssmdns4 = lib.mkDefault true; + }; + tailscale = { + enable = lib.mkDefault true; + useRoutingFeatures = lib.mkDefault "client"; + }; + journald.extraConfig = lib.mkDefault "SystemMaxUse=1G"; + xserver.xkb = { + layout = lib.mkDefault "us"; + + # have the caps-lock key instead be a ctrl key + options = lib.mkDefault "ctrl:nocaps"; + }; + smartd.enable = lib.mkDefault true; + fwupd.enable = lib.mkDefault true; + }; + + console = { + useXkbConfig = lib.mkDefault true; + earlySetup = lib.mkDefault true; + + colors = + with self.outputs.style.colors; + lib.mkDefault [ + bg + red + green + orange + blue + purple + yellow + fg3 + fgdim + red + green + orange + blue + purple + yellow + fg + ]; + }; + + networking = { + hostName = lib.mkDefault "set-a-hostname-dingus"; + + useDHCP = lib.mkDefault true; + firewall = { + enable = lib.mkDefault true; + allowPing = lib.mkDefault true; + }; + }; + + users.groups.daniel = { }; + users.users.daniel = { + isNormalUser = true; + home = "/home/daniel/.home"; + description = "Daniel Flanagan"; + createHome = true; + openssh.authorizedKeys.keys = [ 
self.outputs.pubkey ]; + group = "daniel"; + shell = lib.mkIf config.lyte.shell.enable pkgs.fish; + extraGroups = [ + "users" + "wheel" + "video" + "dialout" + "uucp" + "kvm" + ]; + packages = [ ]; + }; + home-manager.users.daniel = { + home.stateVersion = lib.mkDefault config.system.stateVersion; + imports = with self.outputs.homeManagerModules; [ + default + ]; + }; + } + // lib.mkIf config.family-account.enable { + + users.groups.flanfam = { }; + users.users.flanfam = { + isNormalUser = true; + home = "/home/flanfam"; + description = "Flanagan Family"; + createHome = true; + openssh.authorizedKeys.keys = [ self.outputs.pubkey ]; + group = "flanfam"; + shell = lib.mkIf config.lyte.shell.enable pkgs.fish; + extraGroups = [ + "users" + "video" + ]; + packages = [ ]; + }; + home-manager.users.flanfam = { + home.stateVersion = lib.mkDefault config.system.stateVersion; + imports = with self.outputs.homeManagerModules; [ + default + ]; + }; + }; } diff --git a/packages/hosts/htpc.nix b/packages/hosts/htpc.nix index 15c0e9e..ee67963 100644 --- a/packages/hosts/htpc.nix +++ b/packages/hosts/htpc.nix @@ -64,4 +64,10 @@ lyte.shell.enable = true; lyte.desktop.enable = true; }; + + family-account.enable = true; + home-manager.users.flanfam = { + lyte.shell.enable = true; + lyte.desktop.enable = true; + }; }
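Review bot: The new `config = { … } // lib.mkIf config.family-account.enable { … };` at the end of the hunk looks wrong: `lib.mkIf` returns a wrapper set (`_type = "if"`, `condition`, `content`), so the `//` merge produces a single set carrying that `_type` at its top level, and as far as I can tell the module system then treats the whole `config` as the conditional wrapper and evaluates only its `content`, silently discarding every unconditional setting above it (sshd hardening, sops, the `daniel` account, and so on). The idiomatic form is `config = lib.mkMerge [` / `{ … unconditional settings … }` / `(lib.mkIf config.family-account.enable { … flanfam settings … })` / `];`, which keeps both parts. A smaller point: `lib.mkEnableOption` prepends "Whether to enable", so the option text renders as "Whether to enable Enable a user account for family members."; `lib.mkEnableOption "a shared user account for family members"` reads correctly. The enclosing module expression begins before this hunk.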
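Review bot: In htpc.nix the added `home-manager.users.flanfam = { … };` is unconditional while the `flanfam` user is only created when `family-account.enable` is true, so the two settings can drift apart: if the flag is later switched off for this host, home-manager is still asked to manage a user NixOS no longer defines, which I would expect to fail evaluation rather than be ignored. Guarding the block, e.g. `home-manager.users.flanfam = lib.mkIf config.family-account.enable { … };` (assuming `lib` and `config` are in scope in this host file), or moving these two `lyte.*` defaults into the conditional block of default-module.nix, keeps the account and its home-manager profile tied to the same switch.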