diff --git a/home/crow/common/core/default.nix b/home/crow/common/core/default.nix
new file mode 100644
index 0000000..dcfb293
--- /dev/null
+++ b/home/crow/common/core/default.nix
@@ -0,0 +1,37 @@
+{
+ config,
+ lib,
+ pkgs,
+ hostSpec,
+ ...
+}: let
+ platform =
+ if hostSpec.isDarwin
+ then "darwin"
+ else "nixos";
+in {
+ imports = lib.flatten [
+ (map lib.custom.relativeToRoot [
+ "modules/common/host-spec.nix"
+ "modules/home"
+ ])
+ ./${platform.nix}
+ ./xdg.nix
+ ];
+
+ inherit hostSpec;
+
+ home = {
+ username = lib.mkDefault config.hostSpec.username;
+ homeDirectory = lib.mkDefault config.hostSpec.home;
+ stateVersion = lib.mkDefault "24.05";
+
+ sessionVariables = {
+ SHELL = "zsh";
+ TERM = "foot";
+ TERMINAL = "foot";
+ VISUAL = "nvim";
+ EDITOR = "nvim";
+ };
+ };
+}
diff --git a/home/crow/common/core/xdg.nix b/home/crow/common/core/xdg.nix
new file mode 100644
index 0000000..f8f7807
--- /dev/null
+++ b/home/crow/common/core/xdg.nix
@@ -0,0 +1,28 @@
+{
+ config,
+ lib,
+ hostSpec,
+ ...
+}: {
+ home = {
+ preferXdgDirectories = true;
+ xdg = {
+ enable = true;
+ userDirs = {
+ enable = true;
+ createDirectories = true;
+ desktop = "${config.home.homeDirectory}/.desktop";
+ documents = "${config.home.homeDirectory}/Documents";
+ download = "${config.home.homeDirectory}/Downloads";
+ music = "${config.home.homeDirectory}/media/audio";
+ pictures = "${config.home.homeDirectory}/media/images";
+ videos = "${config.home.homeDirectory}/media/video";
+ };
+
+ extraConfig = {
+ XDG_PUBLICSHARE_DIR = "/var/empty";
+ XDG_TEMPLATES_DIR = "/var/empty";
+ };
+ };
+ };
+}
diff --git a/hosts/common/users/primary/nixos.nix b/hosts/common/users/primary/nixos.nix
new file mode 100644
index 0000000..489fbde
--- /dev/null
+++ b/hosts/common/users/primary/nixos.nix
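Review bot: The import `./${platform.nix}` in the `imports` list applies the attribute selector `.nix` to `platform`, which the `let` binding above sets to the string "darwin" or "nixos", so evaluation fails with a string-where-attrset error before either platform module is reached; the intended path is `./${platform}.nix`. `pkgs` is bound in the module arguments but never used in this file. `lib.custom.relativeToRoot` is not defined anywhere in this commit, so it presumably comes from the flake's extended `lib`; a one-line comment naming where it lives would help the next reader.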
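Review bot: The `xdg` block is nested under `home` (`home.xdg = { ... }`), but home-manager declares `xdg.enable`, `xdg.userDirs` and `xdg.extraConfig`-style options at the module's top level rather than under `home`, so unless a local module declares `home.xdg` this will presumably fail with an undefined-option error. Moving the block out to a top-level `xdg = { enable = true; userDirs = { ... }; };` next to `home = { preferXdgDirectories = true; };` is the likely intent. `lib` and `hostSpec` are taken as module arguments but unused here.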
@@ -0,0 +1,46 @@
+# User config applicable only to nixos
+{
+ inputs,
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ hostSpec = config.hostSpec;
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+
+ # Decrypt password to /run/secrets-for-users/ so it can be used to create the user
+ sopsHashedPasswordFile = lib.optionalString (!config.hostSpec.isMinimal) config.sops.secrets."passwords/${hostSpec.username}".path;
+in {
+ users.mutableUsers = false; # Only allow declarative credentials; Required for password to be set via sops during system activation!
+ users.users.${hostSpec.username} = {
+ home = "/home/${hostSpec.username}";
+ isNormalUser = true;
+ hashedPasswordFile = sopsHashedPasswordFile; # Blank if sops is not working.
+
+ extraGroups = lib.flatten [
+ "wheel"
+ (ifTheyExist [
+ "audio"
+ "video"
+ "docker"
+ "podman"
+ "dialout"
+ "git"
+ "networkmanager"
+ "scanner" # for print/scan"
+ "lp" # for print/scan"
+ ])
+ ];
+ };
+
+ # No matter what environment we are in we want these tools for root, and the user(s)
+ programs.git.enable = true;
+
+ users.users.root = {
+ shell = pkgs.zsh;
+ hashedPasswordFile = config.users.users.${hostSpec.username}.hashedPasswordFile;
+ hashedPassword = config.users.users.${hostSpec.username}.hashedPassword; # This comes from hosts/common/optional/minimal.nix and gets overridden if sops is working
+ openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment.
+ };
+}
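Review bot: `sopsHashedPasswordFile` is built with `lib.optionalString`, so on an `isMinimal` host `hashedPasswordFile` becomes the empty string rather than `null`; the NixOS option treats any non-null value as a path to read, so activation will presumably warn about a missing password file on every switch and, because `hashedPassword` is also set from `hosts/common/optional/minimal.nix`, likely trigger the multiple-password-options warning as well. Binding it as `sopsHashedPasswordFile = if config.hostSpec.isMinimal then null else config.sops.secrets."passwords/${hostSpec.username}".path;` leaves the option unset in the minimal case and still propagates cleanly to `users.users.root.hashedPasswordFile`. Separately, `users.users.root` reuses the primary user's password hash and `openssh.authorizedKeys.keys` verbatim, so the two accounts share one credential: a compromise of the user's password or SSH key is a root compromise, and with `mutableUsers = false` rotating one means rotating both. If that is intentional for remote deployment it deserves a comment stating the trade-off; otherwise a distinct `passwords/root` sops secret and a deployment-only key for root would keep them separate. Note too that membership in `docker` (granted via `ifTheyExist`) is root-equivalent on the host, which is worth stating next to `"wheel"`.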