Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/archetypes/personal.nix1
-rw-r--r--modules/nixos/archetypes/server.nix1
-rw-r--r--modules/nixos/base/default.nix1
-rw-r--r--modules/nixos/base/users.nix51
-rw-r--r--modules/nixos/traits/default.nix3
-rw-r--r--modules/nixos/traits/host-user.nix40
-rw-r--r--modules/nixos/traits/user-setup.nix45
-rw-r--r--modules/nixos/traits/users.nix44
8 files changed, 93 insertions, 93 deletions
diff --git a/modules/nixos/archetypes/personal.nix b/modules/nixos/archetypes/personal.nix
index 7122708..68aada9 100644
--- a/modules/nixos/archetypes/personal.nix
+++ b/modules/nixos/archetypes/personal.nix
@@ -22,7 +22,6 @@ in {
secrets.enable = true;
tailscale.enable = true;
- user-setup.enable = true;
users = {
seth.enable = true;
diff --git a/modules/nixos/archetypes/server.nix b/modules/nixos/archetypes/server.nix
index 3933b6f..3fdc0d2 100644
--- a/modules/nixos/archetypes/server.nix
+++ b/modules/nixos/archetypes/server.nix
@@ -39,7 +39,6 @@ in {
ssh.enable = true;
};
- user-setup.enable = true;
users = {
hostUser.enable = true;
};
diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix
index 31cd6ff..421f733 100644
--- a/modules/nixos/base/default.nix
+++ b/modules/nixos/base/default.nix
@@ -11,6 +11,7 @@
./nix.nix
./programs.nix
./security.nix
+ ./users.nix
];
services.journald.extraConfig = ''
diff --git a/modules/nixos/base/users.nix b/modules/nixos/base/users.nix
new file mode 100644
index 0000000..8a554f5
--- /dev/null
+++ b/modules/nixos/base/users.nix
@@ -0,0 +1,51 @@
+{
+ config,
+ lib,
+ pkgs,
+ secretsDir,
+ ...
+}: let
+ cfg = config.base.users;
+in {
+ options.base.users = {
+ enable = lib.mkEnableOption "base user configurations" // {default = true;};
+
+ defaultRoot = {
+ enable = lib.mkEnableOption "default root user configuration" // {default = true;};
+ manageSecrets =
+ lib.mkEnableOption "automatic secrets management"
+ // {
+ default = config.traits.secrets.enable;
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+ };
+ }
+
+ (lib.mkIf cfg.defaultRoot.enable {
+ users.users.root = {
+ home = lib.mkDefault "/root";
+ uid = lib.mkDefault config.ids.uids.root;
+ group = lib.mkDefault "root";
+ };
+ })
+
+ (lib.mkIf cfg.defaultRoot.manageSecrets {
+ age.secrets = {
+ rootPassword.file = secretsDir + "/rootPassword.age";
+ };
+
+ users.users.root = {
+ hashedPasswordFile = config.age.secrets.rootPassword.path;
+ };
+ })
+ ]
+ );
+}
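Review bot: The third `mkMerge` entry is guarded only by `cfg.defaultRoot.manageSecrets`, so a host that sets `base.users.defaultRoot.enable = false` still gets the `rootPassword` age secret and root's `hashedPasswordFile`, because `manageSecrets` defaults to `config.traits.secrets.enable`. The deleted traits/users.nix combined both flags for the host user; the equivalent guard here would be `(lib.mkIf (cfg.defaultRoot.enable && cfg.defaultRoot.manageSecrets) {`. Separately, `base.users.enable` defaults to true where the removed `traits.user-setup.enable` was opt-in, so `mutableUsers = false` now applies to every host that imports this module. A short comment above `mutableUsers = false;` stating that accounts and password hashes can then only come from the configuration would help anyone who turns secrets management off.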
diff --git a/modules/nixos/traits/default.nix b/modules/nixos/traits/default.nix
index 58519ca..983edce 100644
--- a/modules/nixos/traits/default.nix
+++ b/modules/nixos/traits/default.nix
@@ -3,11 +3,10 @@
./auto-upgrade.nix
./containers.nix
./home-manager.nix
+ ./host-user.nix
./locale.nix
./secrets.nix
./tailscale.nix
- ./user-setup.nix
- ./users.nix
./zram.nix
];
}
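Review bot: Removing `./users.nix` from this import list also removes its `imports = [ ../../../users/seth/nixos.nix ];`, and the new host-user.nix does not carry that import over. The context lines in archetypes/personal.nix still set `seth.enable = true;` under `users`, which would fail evaluation if that option is no longer declared anywhere. This view is limited to modules/nixos, so the import may have moved to a file outside it. That should be confirmed, and if it has not moved, the import should be re-added here or in the module that now owns the per-user options.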
diff --git a/modules/nixos/traits/host-user.nix b/modules/nixos/traits/host-user.nix
new file mode 100644
index 0000000..2da91d6
--- /dev/null
+++ b/modules/nixos/traits/host-user.nix
@@ -0,0 +1,40 @@
+{
+ config,
+ lib,
+ pkgs,
+ secretsDir,
+ ...
+}: let
+ cfg = config.traits.users.hostUser;
+ inherit (config.networking) hostName;
+in {
+ options.traits.users.hostUser = {
+ enable = lib.mkEnableOption "${hostName} user configuration";
+ manageSecrets =
+ lib.mkEnableOption "automatic secrets management"
+ // {
+ default = config.traits.secrets.enable;
+ };
+ };
+
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
+ {
+ users.users.${hostName} = {
+ isNormalUser = true;
+ shell = pkgs.bash;
+ };
+ }
+
+ (lib.mkIf cfg.manageSecrets {
+ age.secrets = {
+ userPassword.file = secretsDir + "/userPassword.age";
+ };
+
+ users.users.${hostName} = {
+ hashedPasswordFile = config.age.secrets.userPassword.path;
+ };
+ })
+ ]
+ );
+}
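Review bot: With `manageSecrets` off, the first `mkMerge` entry creates the `${hostName}` account with no credential declared in this file. base/users.nix in the same commit sets `users.mutableUsers = false`, so a password set by hand on the machine would not persist. I would document that above `isNormalUser = true;`, for example `# No password unless manageSecrets is on; users are immutable, so declare a login credential (e.g. openssh.authorizedKeys) elsewhere when it is off.` As a style point, the description `"${hostName} user configuration"` puts the evaluated host name into the option text. A fixed string such as `"host-named user configuration"` would keep the generated option documentation the same on every host.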
diff --git a/modules/nixos/traits/user-setup.nix b/modules/nixos/traits/user-setup.nix
deleted file mode 100644
index 1d02134..0000000
--- a/modules/nixos/traits/user-setup.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
- config,
- lib,
- pkgs,
- secretsDir,
- ...
-}: let
- cfg = config.traits.user-setup;
-in {
- options.traits.user-setup = {
- enable = lib.mkEnableOption "basic immutable user & root configurations";
- manageSecrets =
- lib.mkEnableOption "automatic secrets management"
- // {
- default = config.traits.secrets.enable;
- };
- };
-
- config = lib.mkIf cfg.enable (
- lib.mkMerge [
- {
- users = {
- defaultUserShell = pkgs.bash;
- mutableUsers = false;
-
- users.root =
- {
- home = lib.mkDefault "/root";
- uid = lib.mkDefault config.ids.uids.root;
- group = lib.mkDefault "root";
- }
- // lib.optionalAttrs cfg.manageSecrets {
- hashedPasswordFile = config.age.secrets.rootPassword.path;
- };
- };
- }
-
- (lib.mkIf cfg.manageSecrets {
- age.secrets = {
- rootPassword.file = secretsDir + "/rootPassword.age";
- };
- })
- ]
- );
-}
diff --git a/modules/nixos/traits/users.nix b/modules/nixos/traits/users.nix
deleted file mode 100644
index de28c00..0000000
--- a/modules/nixos/traits/users.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{
- config,
- lib,
- pkgs,
- secretsDir,
- ...
-}: let
- cfg = config.traits.users;
- inherit (config.networking) hostName;
-in {
- options.traits.users = {
- hostUser = {
- enable = lib.mkEnableOption "${hostName} user configuration";
- manageSecrets =
- lib.mkEnableOption "automatic secrets management"
- // {
- default = config.traits.secrets.enable;
- };
- };
- };
-
- imports = [
- ../../../users/seth/nixos.nix
- ];
-
- config = lib.mkMerge [
- (lib.mkIf cfg.hostUser.enable {
- users.users.${hostName} = {
- isNormalUser = true;
- shell = pkgs.bash;
- };
- })
-
- (lib.mkIf (cfg.hostUser.enable && cfg.hostUser.manageSecrets) {
- age.secrets = {
- userPassword.file = secretsDir + "/userPassword.age";
- };
-
- users.users.${hostName} = {
- hashedPasswordFile = config.age.secrets.userPassword.path;
- };
- })
- ];
-}