TODO: finish setting up core user settings

2026-01-11 17:54:08 -05:00 · 2025-06-07 09:03:05 -04:00 · 2025-06-07 09:03:05 -04:00 · 27af396b1f
commit 27af396b1f
parent 60b08d8dc4
3 changed files with 111 additions and 0 deletions
--- a/home/crow/common/core/default.nix
+++ b/home/crow/common/core/default.nix
@ -0,0 +1,37 @@
+{
+  config,
+  lib,
+  pkgs,
+  hostSpec,
+  ...
+}: let
+  platform =
+    if hostSpec.isDarwin
+    then "darwin"
+    else "nixos";
+in {
+  imports = lib.flatten [
+    (map lib.custom.relativeToRoot [
+      "modules/common/host-spec.nix"
+      "modules/home"
+    ])
+    ./${platform.nix}
+    ./xdg.nix
+  ];
+
+  inherit hostSpec;
+
+  home = {
+    username = lib.mkDefault config.hostSpec.username;
+    homeDirectory = lib.mkDefault config.hostSpec.home;
+    stateVersion = lib.mkDefault "24.05";
+
+    sessionVariables = {
+      SHELL = "zsh";
+      TERM = "foot";
+      TERMINAL = "foot";
+      VISUAL = "nvim";
+      EDITOR = "nvim";
+    };
+  };
+}
--- a/home/crow/common/core/xdg.nix
+++ b/home/crow/common/core/xdg.nix
@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  hostSpec,
+  ...
+}: {
+  home = {
+    preferXdgDirectories = true;
+    xdg = {
+      enable = true;
+      userDirs = {
+        enable = true;
+        createDirectories = true;
+        desktop = "${config.home.homeDirectory}/.desktop";
+        documents = "${config.home.homeDirectory}/Documents";
+        download = "${config.home.homeDirectory}/Downloads";
+        music = "${config.home.homeDirectory}/media/audio";
+        pictures = "${config.home.homeDirectory}/media/images";
+        videos = "${config.home.homeDirectory}/media/video";
+      };
+
+      extraConfig = {
+        XDG_PUBLICSHARE_DIR = "/var/empty";
+        XDG_TEMPLATES_DIR = "/var/empty";
+      };
+    };
+  };
+}
--- a/hosts/common/users/primary/nixos.nix
+++ b/hosts/common/users/primary/nixos.nix
@ -0,0 +1,46 @@
+# User config applicable only to nixos
+{
+  inputs,
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  hostSpec = config.hostSpec;
+  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+
+  # Decrypt password to /run/secrets-for-users/ so it can be used to create the user
+  sopsHashedPasswordFile = lib.optionalString (!config.hostSpec.isMinimal) config.sops.secrets."passwords/${hostSpec.username}".path;
+in {
+  users.mutableUsers = false; # Only allow declarative credentials; Required for password to be set via sops during system activation!
+  users.users.${hostSpec.username} = {
+    home = "/home/${hostSpec.username}";
+    isNormalUser = true;
+    hashedPasswordFile = sopsHashedPasswordFile; # Blank if sops is not working.
+
+    extraGroups = lib.flatten [
+      "wheel"
+      (ifTheyExist [
+        "audio"
+        "video"
+        "docker"
+        "podman"
+        "dialout"
+        "git"
+        "networkmanager"
+        "scanner" # for print/scan"
+        "lp" # for print/scan"
+      ])
+    ];
+  };
+
+  # No matter what environment we are in we want these tools for root, and the user(s)
+  programs.git.enable = true;
+
+  users.users.root = {
+    shell = pkgs.zsh;
+    hashedPasswordFile = config.users.users.${hostSpec.username}.hashedPasswordFile;
+    hashedPassword = config.users.users.${hostSpec.username}.hashedPassword; # This comes from hosts/common/optional/minimal.nix and gets overridden if sops is working
+    openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment.
+  };
+}