hektor/nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: simplify 'user' options

Browse Source
This commit is contained in:
Hektor Misplon
2026-04-21 13:59:03 +02:00
parent 38818e7508
commit 6a30a431f8
24 changed files with 94 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
deploy/colmena.nix
View File

@@ -12,7 +12,7 @@ let
imports = [ ../hosts/${hostname} ];
deployment = {
targetHost = self.nixosConfigurations.${hostname}.config.ssh.publicHostname;
targetUser = self.nixosConfigurations.${hostname}.config.ssh.username;
targetUser = self.nixosConfigurations.${hostname}.config.host.username;
buildOnTarget = builtins.any (t: t != "local" && t != "arm") tags;
inherit tags;
};

7
home/hosts/work/default.nix
View File

@@ -5,9 +5,6 @@
...
}:
let
username = "hektor";
in
{
imports = [
inputs.sops-nix.homeManagerModules.sops
@@ -57,8 +54,8 @@ in
home = {
stateVersion = "25.05";
inherit username;
homeDirectory = "/home/${username}";
username = "hektor";
homeDirectory = "/home/${config.home.username}";
};
targets.genericLinux.nixGL = {

45
home/modules/default.nix
View File

@@ -6,25 +6,32 @@
}:
{
options.nixgl.wrap = lib.mkOption {
type = lib.types.functionTo lib.types.package;
default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
readOnly = true;
};
options = {
host.username = lib.mkOption {
type = lib.types.str;
default = config.home.username;
};
options.wrapApp = lib.mkOption {
type = lib.types.raw;
default =
pkg: flags:
if config.lib ? nixGL then
pkg.overrideAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];
postInstall = (old.postInstall or "") + ''
wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
'';
})
else
pkg;
readOnly = true;
nixgl.wrap = lib.mkOption {
type = lib.types.functionTo lib.types.package;
default = if config.lib ? nixGL then config.lib.nixGL.wrap else lib.id;
readOnly = true;
};
wrapApp = lib.mkOption {
type = lib.types.raw;
default =
pkg: flags:
if config.lib ? nixGL then
pkg.overrideAttrs (old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];
postInstall = (old.postInstall or "") + ''
wrapProgram $out/bin/${pkg.meta.mainProgram} --add-flags "${flags}"
'';
})
else
pkg;
readOnly = true;
};
};
}

23
hosts/andromache/default.nix
View File

@@ -51,31 +51,17 @@ in
../../modules/yubikey
];
home-manager.users.${config.host.username} = import ../../home/hosts/andromache {
inherit
inputs
config
pkgs
lib
;
};
home-manager.users.${config.host.username} = import ../../home/hosts/andromache;
ssh.username = config.host.username;
ssh.authorizedHosts = [ "astyanax" ];
secrets = {
inherit (config.host) username;
nixSigningKey.enable = true;
};
secrets.nixSigningKey.enable = true;
tailscale.enable = true;
docker.user = config.host.username;
docker.enable = true;
hcloud = {
enable = true;
inherit (config.host) username;
};
hcloud.enable = true;
disko.devices = {
disk.data = {
@@ -107,7 +93,6 @@ in
my.yubikey = {
enable = false;
inherit (config.host) username;
keys = [
{
handle = "<KeyHandle1>";

19
hosts/astyanax/default.nix
View File

@@ -47,26 +47,15 @@ in
../../modules/yubikey
];
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax {
inherit
inputs
config
pkgs
lib
;
};
home-manager.users.${config.host.username} = import ../../home/hosts/astyanax;
ssh.username = config.host.username;
ssh.authorizedHosts = [ "andromache" ];
secrets = {
inherit (config.host) username;
nixSigningKey.enable = true;
};
secrets.nixSigningKey.enable = true;
tailscale.enable = true;
docker.user = config.host.username;
nfc.user = config.host.username;
docker.enable = true;
nfc.enable = true;
desktop.ly.enable = true;
audio.automation.enable = true;

1
hosts/eetion-02/default.nix
View File

@@ -12,7 +12,6 @@
];
ssh = {
inherit (config.host) username;
publicHostname = config.host.name;
authorizedHosts = [
"andromache"

1
hosts/eetion/default.nix
View File

@@ -13,7 +13,6 @@
];
ssh = {
inherit (config.host) username;
publicHostname = config.host.name;
authorizedHosts = [
"andromache"

3
hosts/hecuba/default.nix
View File

@@ -19,7 +19,6 @@
networking.hostName = config.host.name;
ssh = {
inherit (config.host) username;
publicHostname = "server.hektormisplon.xyz";
authorizedHosts = [
"andromache"
@@ -27,7 +26,7 @@
];
};
docker.user = config.host.username;
docker.enable = true;
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";

9
hosts/vm/default.nix
View File

@@ -1,7 +1,6 @@
{
inputs,
config,
pkgs,
...
}:
{
@@ -29,13 +28,7 @@
../../modules/x
];
home-manager.users.${config.host.username} = import ../../home/hosts/vm {
inherit inputs config pkgs;
};
ssh.username = config.host.username;
secrets.username = config.host.username;
home-manager.users.${config.host.username} = import ../../home/hosts/vm;
disko = {
devices.disk.main = {

7
images/sd-image-orange-pi-aarch64.nix
View File

@@ -12,10 +12,15 @@ let
in
{
imports = [
../modules/common/host.nix
../modules/ssh
];
ssh.username = username;
host = {
inherit username;
name = "orange-pi";
};
ssh.authorizedHosts = [
"andromache"
"astyanax"

7
images/sd-image-raspberry-pi-aarch64.nix
View File

@@ -12,10 +12,15 @@ let
in
{
imports = [
../modules/common/host.nix
../modules/ssh
];
ssh.username = username;
host = {
inherit username;
name = "raspberry-pi";
};
ssh.authorizedHosts = [
"andromache"
"astyanax"

3
modules/ai-tools/default.nix
View File

@@ -1,7 +1,8 @@
{ config, myUtils, ... }:
let
inherit (config.secrets) sopsDir username;
inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{

3
modules/anki/default.nix
View File

@@ -1,7 +1,8 @@
{ config, myUtils, ... }:
let
inherit (config.secrets) sopsDir username;
inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{

5
modules/common/default.nix
View File

@@ -73,6 +73,11 @@ in
myUtils
;
};
sharedModules = [
{
host.username = lib.mkDefault config.host.username;
}
];
};
};
}

24
modules/docker/default.nix
View File

@@ -2,29 +2,17 @@
let
cfg = config.docker;
inherit (config.host) username;
in
{
options.docker = {
enable = lib.mkEnableOption "docker";
rootless = lib.mkOption {
type = lib.types.bool;
default = false;
};
user = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
};
config = lib.mkMerge [
{
warnings = lib.flatten [
(lib.optional (
cfg.rootless && cfg.user != null
) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
(lib.optional (
!cfg.rootless && cfg.user == null
) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
];
}
(lib.mkIf cfg.rootless {
virtualisation.docker = {
enable = false;
@@ -34,11 +22,9 @@ in
};
};
})
(lib.mkIf (!cfg.rootless && cfg.user != null) {
virtualisation.docker = {
enable = true;
};
users.users.${cfg.user}.extraGroups = [ "docker" ];
(lib.mkIf (cfg.enable && !cfg.rootless) {
virtualisation.docker.enable = true;
users.users.${username}.extraGroups = [ "docker" ];
})
];
}

2
modules/git/default.nix
View File

@@ -4,7 +4,7 @@
}:
let
inherit (config.secrets) username;
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{

11
modules/hcloud/default.nix
View File

@@ -7,25 +7,22 @@
let
cfg = config.hcloud;
inherit (config.host) username;
inherit (config.secrets) sopsDir;
in
{
options.hcloud = {
enable = lib.mkEnableOption "hcloud CLI configuration";
username = lib.mkOption {
type = lib.types.str;
description = "Username for hcloud CLI configuration";
};
};
config = lib.mkIf cfg.enable {
sops.secrets = myUtils.mkSopsSecrets sopsDir "hcloud" [ "api-token" ] {
owner = config.users.users.${cfg.username}.name;
owner = config.users.users.${username}.name;
};
sops.templates."hcloud/cli.toml" = {
owner = config.users.users.${cfg.username}.name;
path = "/home/${cfg.username}/.config/hcloud/cli.toml";
owner = config.users.users.${username}.name;
path = "/home/${username}/.config/hcloud/cli.toml";
content = ''
active_context = "server"

10
modules/nfc/default.nix
View File

@@ -2,15 +2,13 @@
let
cfg = config.nfc;
inherit (config.host) username;
in
{
options.nfc = {
user = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
enable = lib.mkEnableOption "NFC device access";
};
config = lib.mkIf (cfg.user != null) {
users.users.${cfg.user}.extraGroups = [ "dialout" ];
config = lib.mkIf cfg.enable {
users.users.${username}.extraGroups = [ "dialout" ];
};
}

9
modules/secrets/default.nix
View File

@@ -9,8 +9,9 @@
let
cfg = config.secrets;
inherit (config.host) username;
inherit (cfg) sopsDir;
owner = config.users.users.${cfg.username}.name;
owner = config.users.users.${username}.name;
mkSopsSecrets = myUtils.mkSopsSecrets sopsDir;
in
{
@@ -18,10 +19,6 @@ in
options = {
secrets = {
username = lib.mkOption {
type = lib.types.str;
};
sopsDir = lib.mkOption {
type = lib.types.str;
default = "${toString inputs.nix-secrets}/secrets";
@@ -43,7 +40,7 @@ in
# ```
# age-plugin-yubikey --identity > <keyfile-path>
# ```
age.keyFile = "/home/${cfg.username}/.config/sops/age/keys.txt";
age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
secrets = lib.mkMerge [
(mkSopsSecrets "email" [ "personal" "work" ] { inherit owner; })

10
modules/ssh/authorized-keys.nix
View File

@@ -1,14 +1,14 @@
{ lib, config, ... }:
let
inherit (config.host) username;
in
{
options.ssh = {
authorizedHosts = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
username = lib.mkOption {
type = lib.types.str;
default = "h";
};
publicHostname = lib.mkOption {
type = lib.types.str;
default = "";
@@ -16,7 +16,7 @@
};
# auto generate authorized_keys from `authorizedHosts`
config.users.users.${config.ssh.username}.openssh.authorizedKeys.keys = lib.flatten (
config.users.users.${username}.openssh.authorizedKeys.keys = lib.flatten (
map (
hostname:
let

2
modules/ssh/extract-keys.nix
View File

@@ -1,6 +1,6 @@
{ lib, config, ... }:
let
inherit (config.ssh) username;
inherit (config.host) username;
in
{
# auto extract SSH keys

17
modules/syncthing/default.nix
View File

@@ -7,23 +7,18 @@
with lib;
let
cfg = config.my.syncthing;
inherit (config.host) username;
in
{
options.my.syncthing.username = mkOption {
type = types.str;
default = "h";
};
config = {
users.groups.${cfg.username} = { };
users.users.${cfg.username}.extraGroups = [ cfg.username ];
users.groups.${username} = { };
users.users.${username}.extraGroups = [ username ];
services.syncthing = {
enable = true;
user = cfg.username;
group = cfg.username;
configDir = "/home/${cfg.username}/.local/state/syncthing";
user = username;
group = username;
configDir = "/home/${username}/.local/state/syncthing";
openDefaultPorts = true;
};
};

3
modules/taskwarrior/default.nix
View File

@@ -1,7 +1,8 @@
{ config, myUtils, ... }:
let
inherit (config.secrets) sopsDir username;
inherit (config.secrets) sopsDir;
inherit (config.host) username;
owner = config.users.users.${username}.name;
in
{

10
modules/yubikey/default.nix
View File

@@ -9,18 +9,14 @@ with lib;
let
cfg = config.my.yubikey;
inherit (config.host) username;
formatKey = key: ":${key.handle},${key.userKey},${key.coseType},${key.options}";
authfileContent = username: keys: username + lib.concatMapStrings formatKey keys;
authfileContent = u: keys: u + lib.concatMapStrings formatKey keys;
in
{
options.my.yubikey = {
enable = mkEnableOption "yubiKey U2F authentication";
username = mkOption {
type = types.str;
default = "h";
};
origin = mkOption {
type = types.str;
default = "pam://yubi";
@@ -61,7 +57,7 @@ in
interactive = true;
cue = true;
inherit (cfg) origin;
authfile = pkgs.writeText "u2f-mappings" (authfileContent cfg.username cfg.keys);
authfile = pkgs.writeText "u2f-mappings" (authfileContent username cfg.keys);
};
};
services = {