authorseth <[email protected]>2024-02-28 06:51:04 -0500
committerseth <[email protected]>2024-02-28 06:51:04 -0500
commited23d606f190aa20e620063ab65e78caf613b67c (patch)
tree00a30702876104ae07a9544ae38ff55ed92f0126 /modules
parent62621080f9f97f5dffa889daf1dbc7257ba2cda7 (diff)
modules: reorganize standalone and system user handling
Diffstat (limited to 'modules')
-rw-r--r--modules/darwin/archetypes/personal.nix4
-rw-r--r--modules/darwin/traits/default.nix1
-rw-r--r--modules/darwin/traits/users.nix5
-rw-r--r--modules/default.nix2
-rw-r--r--modules/flake/configurations.nix15
-rw-r--r--modules/nixos/archetypes/personal.nix1
-rw-r--r--modules/nixos/archetypes/server.nix1
-rw-r--r--modules/nixos/base/default.nix1
-rw-r--r--modules/nixos/base/users.nix51
-rw-r--r--modules/nixos/traits/default.nix3
-rw-r--r--modules/nixos/traits/host-user.nix40
-rw-r--r--modules/nixos/traits/user-setup.nix45
-rw-r--r--modules/nixos/traits/users.nix44
13 files changed, 112 insertions, 101 deletions
diff --git a/modules/darwin/archetypes/personal.nix b/modules/darwin/archetypes/personal.nix
index 34f9ec4..7dcfbe0 100644
--- a/modules/darwin/archetypes/personal.nix
+++ b/modules/darwin/archetypes/personal.nix
@@ -15,7 +15,9 @@ in {
traits = {
home-manager.enable = true;
- users.seth.enable = true;
+ users = {
+ seth.enable = true;
+ };
};
};
}
diff --git a/modules/darwin/traits/default.nix b/modules/darwin/traits/default.nix
index 0939a66..1e9a5a4 100644
--- a/modules/darwin/traits/default.nix
+++ b/modules/darwin/traits/default.nix
@@ -1,6 +1,5 @@
{
imports = [
./home-manager.nix
- ./users.nix
];
}
diff --git a/modules/darwin/traits/users.nix b/modules/darwin/traits/users.nix
deleted file mode 100644
index b0a2078..0000000
--- a/modules/darwin/traits/users.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- imports = [
- ../../../users/seth/darwin.nix
- ];
-}
diff --git a/modules/default.nix b/modules/default.nix
index 62a17e4..198ba0f 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,5 +1,5 @@
{
nixosModules = import ./nixos;
darwinModules = import ./darwin;
- flakeModules = import./flake;
+ flakeModules = import ./flake;
}
diff --git a/modules/flake/configurations.nix b/modules/flake/configurations.nix
index d9406db..7b745fc 100644
--- a/modules/flake/configurations.nix
+++ b/modules/flake/configurations.nix
@@ -1,11 +1,15 @@
{
config,
lib,
+ moduleLocation,
+ flake-parts-lib,
withSystem,
inputs,
self,
...
}: let
+ inherit (flake-parts-lib) mkSubmoduleOptions;
+
inherit
(lib)
attrValues
@@ -150,6 +154,17 @@ in {
];
options = {
+ flake = mkSubmoduleOptions {
+ darwinModules = mkOption {
+ type = types.lazyAttrsOf types.unspecified;
+ default = {};
+ apply = mapAttrs (name: value: {
+ _file = "${toString moduleLocation}#darwinModules.${name}";
+ imports = [value];
+ });
+ };
+ };
+
nixosConfigurations = mkSystemOptions "nixos";
darwinConfigurations = mkSystemOptions "darwin";
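Review bot: The new `flake.darwinModules` option is declared without a `description`, so it appears undocumented in any generated option listing and gives no hint of what shape of value it expects. I would add `description = "nix-darwin modules exported by this flake, keyed by name.";` next to `default = {};`. Because the type is `types.lazyAttrsOf types.unspecified`, two definitions of the same attribute name are not merged as modules, so a one-line comment above `apply` saying that it only tags each value with `_file` for error locations would help the next reader. `mkOption`, `types` and `mapAttrs` are presumably inherited from `lib` outside this hunk.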
diff --git a/modules/nixos/archetypes/personal.nix b/modules/nixos/archetypes/personal.nix
index 7122708..68aada9 100644
--- a/modules/nixos/archetypes/personal.nix
+++ b/modules/nixos/archetypes/personal.nix
@@ -22,7 +22,6 @@ in {
secrets.enable = true;
tailscale.enable = true;
- user-setup.enable = true;
users = {
seth.enable = true;
diff --git a/modules/nixos/archetypes/server.nix b/modules/nixos/archetypes/server.nix
index 3933b6f..3fdc0d2 100644
--- a/modules/nixos/archetypes/server.nix
+++ b/modules/nixos/archetypes/server.nix
@@ -39,7 +39,6 @@ in {
ssh.enable = true;
};
- user-setup.enable = true;
users = {
hostUser.enable = true;
};
diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix
index 31cd6ff..421f733 100644
--- a/modules/nixos/base/default.nix
+++ b/modules/nixos/base/default.nix
@@ -11,6 +11,7 @@
./nix.nix
./programs.nix
./security.nix
+ ./users.nix
];
services.journald.extraConfig = ''
diff --git a/modules/nixos/base/users.nix b/modules/nixos/base/users.nix
new file mode 100644
index 0000000..8a554f5
--- /dev/null
+++ b/modules/nixos/base/users.nix
@@ -0,0 +1,51 @@
+{
+ config,
+ lib,
+ pkgs,
+ secretsDir,
+ ...
+}: let
+ cfg = config.base.users;
+in {
+ options.base.users = {
+ enable = lib.mkEnableOption "base user configurations" // {default = true;};
+
+ defaultRoot = {
+ enable = lib.mkEnableOption "default root user configuration" // {default = true;};
+ manageSecrets =
+ lib.mkEnableOption "automatic secrets management"
+ // {
+ default = config.traits.secrets.enable;
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+ };
+ }
+
+ (lib.mkIf cfg.defaultRoot.enable {
+ users.users.root = {
+ home = lib.mkDefault "/root";
+ uid = lib.mkDefault config.ids.uids.root;
+ group = lib.mkDefault "root";
+ };
+ })
+
+ (lib.mkIf cfg.defaultRoot.manageSecrets {
+ age.secrets = {
+ rootPassword.file = secretsDir + "/rootPassword.age";
+ };
+
+ users.users.root = {
+ hashedPasswordFile = config.age.secrets.rootPassword.path;
+ };
+ })
+ ]
+ );
+}
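Review bot: The root password block under `lib.mkIf cfg.defaultRoot.manageSecrets` is not gated on `cfg.defaultRoot.enable`, so a host that sets `base.users.defaultRoot.enable = false` still gets `age.secrets.rootPassword` and `users.users.root.hashedPasswordFile` whenever `traits.secrets.enable` is true. If the sub-option is meant to switch off all root handling, the condition should read `(lib.mkIf (cfg.defaultRoot.enable && cfg.defaultRoot.manageSecrets) {`. Separately, `mutableUsers = false` is now on by default for every host that imports base, where the removed `traits.user-setup` was opt-in. On a host where `manageSecrets` is false, nothing in this file gives root a credential, so it is worth confirming that such hosts get a password hash or SSH key from another module, and saying so in a comment above `mutableUsers`.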
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
index 58519ca..983edce 100644
--- a/modules/nixos/traits/default.nix
+++ b/modules/nixos/traits/default.nix
@@ -3,11 +3,10 @@
./auto-upgrade.nix
./containers.nix
./home-manager.nix
+ ./host-user.nix
./locale.nix
./secrets.nix
./tailscale.nix
- ./user-setup.nix
- ./users.nix
./zram.nix
];
}
diff --git a/modules/nixos/traits/host-user.nix b/modules/nixos/traits/host-user.nix
new file mode 100644
index 0000000..2da91d6
--- /dev/null
+++ b/modules/nixos/traits/host-user.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ lib,
+ pkgs,
+ secretsDir,
+ ...
+}: let
+ cfg = config.traits.users.hostUser;
+ inherit (config.networking) hostName;
+in {
+ options.traits.users.hostUser = {
+ enable = lib.mkEnableOption "${hostName} user configuration";
+ manageSecrets =
+ lib.mkEnableOption "automatic secrets management"
+ // {
+ default = config.traits.secrets.enable;
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ users.users.${hostName} = {
+ isNormalUser = true;
+ shell = pkgs.bash;
+ };
+ }
+
+ (lib.mkIf cfg.manageSecrets {
+ age.secrets = {
+ userPassword.file = secretsDir + "/userPassword.age";
+ };
+
+ users.users.${hostName} = {
+ hashedPasswordFile = config.age.secrets.userPassword.path;
+ };
+ })
+ ]
+ );
+}
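Review bot: `users.users.${hostName}` takes the account name straight from `config.networking.hostName`, and NixOS accepts an empty string there (used when the hostname comes from DHCP), which would make this module declare a user with an empty name. An assertion in the first `mkMerge` element would turn that into a clear evaluation error: `assertions = [{ assertion = hostName != ""; message = "traits.users.hostUser requires networking.hostName to be set"; }];`. A short comment on `manageSecrets` would also help, noting that when it is false the account has no password hash from this module and has to be given a credential elsewhere, since base sets `mutableUsers = false`.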
diff --git a/modules/nixos/traits/user-setup.nix b/modules/nixos/traits/user-setup.nix
deleted file mode 100644
index 1d02134..0000000
--- a/modules/nixos/traits/user-setup.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- config,
- lib,
- pkgs,
- secretsDir,
- ...
-}: let
- cfg = config.traits.user-setup;
-in {
- options.traits.user-setup = {
- enable = lib.mkEnableOption "basic immutable user & root configurations";
- manageSecrets =
- lib.mkEnableOption "automatic secrets management"
- // {
- default = config.traits.secrets.enable;
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- users = {
- defaultUserShell = pkgs.bash;
- mutableUsers = false;
-
- users.root =
- {
- home = lib.mkDefault "/root";
- uid = lib.mkDefault config.ids.uids.root;
- group = lib.mkDefault "root";
- }
- // lib.optionalAttrs cfg.manageSecrets {
- hashedPasswordFile = config.age.secrets.rootPassword.path;
- };
- };
- }
-
- (lib.mkIf cfg.manageSecrets {
- age.secrets = {
- rootPassword.file = secretsDir + "/rootPassword.age";
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/traits/users.nix b/modules/nixos/traits/users.nix
deleted file mode 100644
index de28c00..0000000
--- a/modules/nixos/traits/users.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- config,
- lib,
- pkgs,
- secretsDir,
- ...
-}: let
- cfg = config.traits.users;
- inherit (config.networking) hostName;
-in {
- options.traits.users = {
- hostUser = {
- enable = lib.mkEnableOption "${hostName} user configuration";
- manageSecrets =
- lib.mkEnableOption "automatic secrets management"
- // {
- default = config.traits.secrets.enable;
- };
- };
- };
-
- imports = [
- ../../../users/seth/nixos.nix
- ];
-
- config = lib.mkMerge [
- (lib.mkIf cfg.hostUser.enable {
- users.users.${hostName} = {
- isNormalUser = true;
- shell = pkgs.bash;
- };
- })
-
- (lib.mkIf (cfg.hostUser.enable && cfg.hostUser.manageSecrets) {
- age.secrets = {
- userPassword.file = secretsDir + "/userPassword.age";
- };
-
- users.users.${hostName} = {
- hashedPasswordFile = config.age.secrets.userPassword.path;
- };
- })
- ];
-}