refactor: simplify 'user' options

modules/ai-tools/default.nix

@@ -1,7 +1,8 @@
 { config, myUtils, ... }:
 
 let
-  inherit (config.secrets) sopsDir username;
+  inherit (config.secrets) sopsDir;
+  inherit (config.host) username;
   owner = config.users.users.${username}.name;
 in
 {

modules/anki/default.nix

@@ -1,7 +1,8 @@
 { config, myUtils, ... }:
 
 let
-  inherit (config.secrets) sopsDir username;
+  inherit (config.secrets) sopsDir;
+  inherit (config.host) username;
   owner = config.users.users.${username}.name;
 in
 {

modules/common/default.nix

@@ -73,6 +73,11 @@ in
           myUtils
           ;
       };
+      sharedModules = [
+        {
+          host.username = lib.mkDefault config.host.username;
+        }
+      ];
     };
   };
 }

modules/docker/default.nix

@@ -2,29 +2,17 @@
 
 let
   cfg = config.docker;
+  inherit (config.host) username;
 in
 {
   options.docker = {
+    enable = lib.mkEnableOption "docker";
     rootless = lib.mkOption {
       type = lib.types.bool;
       default = false;
     };
-    user = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
-      default = null;
-    };
   };
   config = lib.mkMerge [
-    {
-      warnings = lib.flatten [
-        (lib.optional (
-          cfg.rootless && cfg.user != null
-        ) "'virtualisation.docker.user' is ignored when rootless mode is enabled")
-        (lib.optional (
-          !cfg.rootless && cfg.user == null
-        ) "'virtualisation.docker.user' is not set (no user is added to the docker group)")
-      ];
-    }
     (lib.mkIf cfg.rootless {
       virtualisation.docker = {
         enable = false;
@@ -34,11 +22,9 @@ in
         };
       };
     })
-    (lib.mkIf (!cfg.rootless && cfg.user != null) {
-      virtualisation.docker = {
-        enable = true;
-      };
-      users.users.${cfg.user}.extraGroups = [ "docker" ];
+    (lib.mkIf (cfg.enable && !cfg.rootless) {
+      virtualisation.docker.enable = true;
+      users.users.${username}.extraGroups = [ "docker" ];
     })
   ];
 }

modules/git/default.nix

@@ -4,7 +4,7 @@
 }:
 
 let
-  inherit (config.secrets) username;
+  inherit (config.host) username;
   owner = config.users.users.${username}.name;
 in
 {

modules/hcloud/default.nix

@@ -7,25 +7,22 @@
 
 let
   cfg = config.hcloud;
+  inherit (config.host) username;
   inherit (config.secrets) sopsDir;
 in
 {
   options.hcloud = {
     enable = lib.mkEnableOption "hcloud CLI configuration";
-    username = lib.mkOption {
-      type = lib.types.str;
-      description = "Username for hcloud CLI configuration";
-    };
   };
 
   config = lib.mkIf cfg.enable {
     sops.secrets = myUtils.mkSopsSecrets sopsDir "hcloud" [ "api-token" ] {
-      owner = config.users.users.${cfg.username}.name;
+      owner = config.users.users.${username}.name;
     };
 
     sops.templates."hcloud/cli.toml" = {
-      owner = config.users.users.${cfg.username}.name;
-      path = "/home/${cfg.username}/.config/hcloud/cli.toml";
+      owner = config.users.users.${username}.name;
+      path = "/home/${username}/.config/hcloud/cli.toml";
       content = ''
         active_context = "server"
 

modules/nfc/default.nix

@@ -2,15 +2,13 @@
 
 let
   cfg = config.nfc;
+  inherit (config.host) username;
 in
 {
   options.nfc = {
-    user = lib.mkOption {
-      type = lib.types.nullOr lib.types.str;
-      default = null;
-    };
+    enable = lib.mkEnableOption "NFC device access";
   };
-  config = lib.mkIf (cfg.user != null) {
-    users.users.${cfg.user}.extraGroups = [ "dialout" ];
+  config = lib.mkIf cfg.enable {
+    users.users.${username}.extraGroups = [ "dialout" ];
   };
 }

modules/secrets/default.nix

@@ -9,8 +9,9 @@
 
 let
   cfg = config.secrets;
+  inherit (config.host) username;
   inherit (cfg) sopsDir;
-  owner = config.users.users.${cfg.username}.name;
+  owner = config.users.users.${username}.name;
   mkSopsSecrets = myUtils.mkSopsSecrets sopsDir;
 in
 {
@@ -18,10 +19,6 @@ in
 
   options = {
     secrets = {
-      username = lib.mkOption {
-        type = lib.types.str;
-      };
-
       sopsDir = lib.mkOption {
         type = lib.types.str;
         default = "${toString inputs.nix-secrets}/secrets";
@@ -43,7 +40,7 @@ in
       # ```
       # age-plugin-yubikey --identity > <keyfile-path>
       # ```
-      age.keyFile = "/home/${cfg.username}/.config/sops/age/keys.txt";
+      age.keyFile = "/home/${username}/.config/sops/age/keys.txt";
 
       secrets = lib.mkMerge [
         (mkSopsSecrets "email" [ "personal" "work" ] { inherit owner; })

modules/ssh/authorized-keys.nix

@@ -1,14 +1,14 @@
 { lib, config, ... }:
+
+let
+  inherit (config.host) username;
+in
 {
   options.ssh = {
     authorizedHosts = lib.mkOption {
       type = lib.types.listOf lib.types.str;
       default = [ ];
     };
-    username = lib.mkOption {
-      type = lib.types.str;
-      default = "h";
-    };
     publicHostname = lib.mkOption {
       type = lib.types.str;
       default = "";
@@ -16,7 +16,7 @@
   };
 
   # auto generate authorized_keys from `authorizedHosts`
-  config.users.users.${config.ssh.username}.openssh.authorizedKeys.keys = lib.flatten (
+  config.users.users.${username}.openssh.authorizedKeys.keys = lib.flatten (
     map (
       hostname:
       let

modules/ssh/extract-keys.nix

@@ -1,6 +1,6 @@
 { lib, config, ... }:
 let
-  inherit (config.ssh) username;
+  inherit (config.host) username;
 in
 {
   # auto extract SSH keys

modules/syncthing/default.nix

@@ -7,23 +7,18 @@
 with lib;
 
 let
-  cfg = config.my.syncthing;
+  inherit (config.host) username;
 in
 {
-  options.my.syncthing.username = mkOption {
-    type = types.str;
-    default = "h";
-  };
-
   config = {
-    users.groups.${cfg.username} = { };
-    users.users.${cfg.username}.extraGroups = [ cfg.username ];
+    users.groups.${username} = { };
+    users.users.${username}.extraGroups = [ username ];
 
     services.syncthing = {
       enable = true;
-      user = cfg.username;
-      group = cfg.username;
-      configDir = "/home/${cfg.username}/.local/state/syncthing";
+      user = username;
+      group = username;
+      configDir = "/home/${username}/.local/state/syncthing";
       openDefaultPorts = true;
     };
   };

modules/taskwarrior/default.nix

@@ -1,7 +1,8 @@
 { config, myUtils, ... }:
 
 let
-  inherit (config.secrets) sopsDir username;
+  inherit (config.secrets) sopsDir;
+  inherit (config.host) username;
   owner = config.users.users.${username}.name;
 in
 {

modules/yubikey/default.nix

@@ -9,18 +9,14 @@ with lib;
 
 let
   cfg = config.my.yubikey;
+  inherit (config.host) username;
   formatKey = key: ":${key.handle},${key.userKey},${key.coseType},${key.options}";
-  authfileContent = username: keys: username + lib.concatMapStrings formatKey keys;
+  authfileContent = u: keys: u + lib.concatMapStrings formatKey keys;
 in
 {
   options.my.yubikey = {
     enable = mkEnableOption "yubiKey U2F authentication";
 
-    username = mkOption {
-      type = types.str;
-      default = "h";
-    };
-
     origin = mkOption {
       type = types.str;
       default = "pam://yubi";
@@ -61,7 +57,7 @@ in
           interactive = true;
           cue = true;
           inherit (cfg) origin;
-          authfile = pkgs.writeText "u2f-mappings" (authfileContent cfg.username cfg.keys);
+          authfile = pkgs.writeText "u2f-mappings" (authfileContent username cfg.keys);
         };
       };
       services = {