diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix
index c5604f8..a0d5395 100644
--- a/nix/os/devices/steveej-t14/system.nix
+++ b/nix/os/devices/steveej-t14/system.nix
@@ -6,8 +6,6 @@ , ... }: let - passwords = import ../../../variables/passwords.crypt.nix; - localTcpPorts = [ 22
@@ -30,6 +28,7 @@ in ../../snippets/nix-settings-holo-chain.nix ../../snippets/radicale.nix ../../snippets/sway-desktop.nix + ../../snippets/timezone.nix ]; nix.settings = {
@@ -64,6 +63,8 @@ in } ]; + networking.networkmanager.enable = true; + networking.extraHosts = '' '';
@@ -122,8 +123,6 @@ in services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; - time.timeZone = lib.mkForce passwords.timeZone.stefan; - hardware.ledger.enable = true; # services.zerotierone = {
diff --git a/nix/os/devices/steveej-t14/user.nix b/nix/os/devices/steveej-t14/user.nix
index ece9cec..f9201cd 100644
--- a/nix/os/devices/steveej-t14/user.nix
+++ b/nix/os/devices/steveej-t14/user.nix
@@ -1,19 +1,20 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let keys = import ../../../variables/keys.nix; - inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser; -in { + inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; +in +{ users.extraUsers.steveej2 = mkUser { uid = 1001; openssh.authorizedKeys.keys = keys.users.steveej.openssh; - passwordFile = config.sops.secrets.sharedUsers-steveej.path; + hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; }; - nix.settings.trusted-users = ["steveej"]; + nix.settings.trusted-users = [ "steveej" ]; security.pam.u2f.enable = true; security.pam.services.steveej.u2fAuth = true;
diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix
index 9a082d1..cd2f9f2 100644
--- a/nix/os/devices/steveej-x13s/configuration.nix
+++ b/nix/os/devices/steveej-x13s/configuration.nix
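Review bot: Replacing the `lib.mkForce passwords.timeZone.stefan` removed in the last hunk of this file with the `lib.mkDefault` definition in the new `snippets/timezone.nix` (final hunk of the diff) drops the timezone below plain-definition priority, while the unchanged context of `profiles/common/system.nix` still sets `time.timeZone = "Etc/UTC";` at normal priority. If this host also imports that profile — not visible in the diff — the profile value now wins and the machine silently ends up on UTC rather than the configured zone. Either keep the snippet authoritative, `time.timeZone = lib.mkForce passwords.timeZone.stefan;`, or make the profile the fallback with `time.timeZone = lib.mkDefault "Etc/UTC";` in common/system.nix, so the intended precedence is explicit. The attrset these hunks edit starts and ends outside them.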
@@ -45,12 +45,11 @@ # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; # sops.defaultSopsFormat = "yaml"; - # users.commonUsers = { - # enable = true; - # enableNonRoot = true; - # }; - - users.users.root.initialPassword = "install"; + users.commonUsers = { + enable = true; + enableNonRoot = true; + installPassword = "install"; + }; } nodeFlake.inputs.home-manager.nixosModules.home-manager
@@ -66,14 +65,9 @@ bluetoothMac = "65:9e:7a:8b:86:28"; }; - networking = { - hostName = nodeName; - - firewall.enable = true; - - # useNetworkd = true; - }; - + networking.hostName = nodeName; + networking.firewall.enable = true; + networking.networkmanager.enable = true; nixpkgs.config.allowUnfree = true;
diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix
index 252989e..38930fe 100644
--- a/nix/os/lib/default.nix
+++ b/nix/os/lib/default.nix
@@ -6,35 +6,34 @@ let keys = import ../../variables/keys.nix; in { - mkUser = args: ( - lib.attrsets.recursiveUpdate - { - isNormalUser = true; - extraGroups = [ - "docker" - "wheel" - "libvirtd" - "networkmanager" - "vboxusers" - "users" - "input" - "audio" - "video" - "cdrom" - "adbusers" - "dialout" - "cdrom" - "fuse" - ]; - openssh.authorizedKeys.keys = keys.users.steveej.openssh; + mkUser = args: lib.mkMerge [ + { + isNormalUser = true; + extraGroups = [ + "docker" + "wheel" + "libvirtd" + "networkmanager" + "vboxusers" + "users" + "input" + "audio" + "video" + "cdrom" + "adbusers" + "dialout" + "cdrom" + "fuse" + ]; + openssh.authorizedKeys.keys = keys.users.steveej.openssh; - # TODO: investigate why this secret cannot be found - # openssh.authorizedKeys.keyFiles = [ - # config.sops.secrets.sharedSshKeys-steveej.path - # ]; - } - args - ); + # TODO: investigate why this secret cannot be found + # openssh.authorizedKeys.keyFiles = [ + # config.sops.secrets.sharedSshKeys-steveej.path + # ]; + } + args + ]; disk = rec { # TODO: verify the GPT PARTLABEL cap at 36 chars
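Review bot: `installPassword = "install"` combined with `enableNonRoot = true` in this block hands the clear-text install password to both root and `steveej` — the commonUsers hunk applies `password = cfg.installPassword` to both accounts and `mkUser` places that account in `wheel` — whereas the removed `users.users.root.initialPassword` covered root only. Because commonUsers forces `users.mutableUsers = false`, the literal stays authoritative on every activation (a later `passwd` on the installed system is reverted) until the host is rebuilt with `installPassword = ""`, which is also what re-enables the sops-managed hashes. A comment on the line would make that lifecycle explicit, e.g. `installPassword = "install"; # installer image only: sets root AND steveej; set to "" before deploying with the sops hashes`.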
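Review bot: `mkUser` now returns a `lib.mkMerge` definition rather than the attrset that `lib.attrsets.recursiveUpdate` produced, so its result is only valid as a module option value — a caller that inspects or `//`-updates it (e.g. `(mkUser { ... }).uid`) no longer works, and nothing at the binding says so. A one-line comment above it, `# Returns a module definition (mkMerge), not a plain attrset: use only as an option value.`, would record the new contract. While the group list is being re-indented, `"cdrom"` appears twice in `extraGroups`; the duplicate is harmless but worth dropping. The `disk = rec {` binding that follows continues outside the hunk.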
diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix
index 4039a9e..7fa2c2d 100644
--- a/nix/os/profiles/common/system.nix
+++ b/nix/os/profiles/common/system.nix
@@ -1,9 +1,8 @@ -{ - config, - pkgs, - lib, - nodeName, - ... +{ config +, pkgs +, lib +, nodeName +, ... }: { networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname. networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2;
@@ -15,11 +14,11 @@ ''; # Fonts, I18N, Date ... - fonts.fonts = [pkgs.corefonts]; + fonts.packages = [ pkgs.corefonts ]; console.font = "lat9w-16"; - i18n = {defaultLocale = "en_US.UTF-8";}; + i18n = { defaultLocale = "en_US.UTF-8"; }; time.timeZone = "Etc/UTC"; services.gpm.enable = true;
@@ -52,6 +51,6 @@ programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = ["/share/zsh"]; + environment.pathsToLink = [ "/share/zsh" ]; programs.fuse.userAllowOther = true; }
diff --git a/nix/os/profiles/common/user.nix b/nix/os/profiles/common/user.nix
index b21cd4e..0df5e5f 100644
--- a/nix/os/profiles/common/user.nix
+++ b/nix/os/profiles/common/user.nix
@@ -1,9 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let keys = import ../../../variables/keys.nix; inherit (import ../../lib/default.nix {
@@ -16,7 +16,8 @@ inherit (lib) types; cfg = config.users.commonUsers; -in { +in +{ options.users.commonUsers = { enable = lib.mkOption { default = true;
@@ -32,41 +33,64 @@ in { default = config.sops.secrets.sharedUsers-root.path; type = types.path; }; + + installPassword = lib.mkOption { + default = ""; + type = types.str; + }; }; - config = lib.mkIf cfg.enable { - sops.secrets.sharedUsers-root = { - sopsFile = ../../../../secrets/shared-users.yaml; - neededForUsers = true; - format = "yaml"; - }; + config = lib.mkIf cfg.enable (lib.mkMerge [ + (lib.mkIf (cfg.installPassword == "") { + sops.secrets.sharedUsers-root = { + sopsFile = ../../../../secrets/shared-users.yaml; + neededForUsers = true; + format = "yaml"; + }; - sops.secrets.sharedUsers-steveej = lib.mkIf cfg.enableNonRoot { - sopsFile = ../../../../secrets/shared-users.yaml; - neededForUsers = true; - format = "yaml"; - }; + sops.secrets.sharedUsers-steveej = lib.mkIf cfg.enableNonRoot { + sopsFile = ../../../../secrets/shared-users.yaml; + neededForUsers = true; + format = "yaml"; + }; - sops.secrets.sharedSshKeys-steveej = lib.mkIf cfg.enableNonRoot { - sopsFile = ../../../../secrets/shared-users.yaml; - # neededForUsers = true; - format = "yaml"; - }; + sops.secrets.sharedSshKeys-steveej = lib.mkIf cfg.enableNonRoot { + sopsFile = ../../../../secrets/shared-users.yaml; + # neededForUsers = true; + format = "yaml"; + }; + }) - users.mutableUsers = lib.mkForce false; + { + users.mutableUsers = lib.mkForce false; - users.extraUsers.root = { - passwordFile = cfg.rootPasswordFile; - openssh.authorizedKeys.keys = keys.users.steveej.openssh; + users.users.root = lib.mkMerge [ + { + openssh.authorizedKeys.keys = keys.users.steveej.openssh; + } - # TODO: investigate why this secret cannot be found - # openssh.authorizedKeys.keyFiles = [ - # config.sops.secrets.sharedSshKeys-steveej.path - # ]; - }; + (lib.mkIf (cfg.installPassword != "") { + password = cfg.installPassword; + }) - users.extraUsers.steveej = lib.mkIf cfg.enableNonRoot (mkUser { - uid = 1000; - passwordFile = config.sops.secrets.sharedUsers-steveej.path; - }); - }; + (lib.mkIf (cfg.installPassword 
== "") { hashedPasswordFile = cfg.rootPasswordFile; }) ]; + + users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [ + { + uid = 1000; + } + + (lib.mkIf (cfg.installPassword != "") { + password = cfg.installPassword; + }) + + (lib.mkIf (cfg.installPassword == "") { + hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; + }) + ])); + } + ]); }
diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix
index 8f8bf23..e032d26 100644
--- a/nix/os/snippets/sway-desktop.nix
+++ b/nix/os/snippets/sway-desktop.nix
@@ -35,6 +35,10 @@ in # $ xdg-open "https://github.com/" # Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop xdgOpenUsePortal = false; + + # keep the behaviour in < 1.17, which uses the first portal implementation found in lexicographical order, use the following: + config.common.default = "*"; + extraPortals = [ pkgs.xdg-desktop-portal-wlr pkgs.xdg-desktop-portal-gtk
@@ -59,8 +63,6 @@ in #jack.enable = true; }; - networkmanager.enable = false; - security.pam.services.getty.enableGnomeKeyring = true; services.gnome.gnome-keyring.enable = true; # autologin steveej on tty1
diff --git a/nix/os/snippets/timezone.nix b/nix/os/snippets/timezone.nix
new file mode 100644
index 0000000..9ed1dea
--- /dev/null
+++ b/nix/os/snippets/timezone.nix
@@ -0,0 +1,9 @@
+{ lib, ... }:
+
+let
+ passwords = import ../../../variables/passwords.crypt.nix;
+
+in
+{
+ time.timeZone = lib.mkDefault passwords.timeZone.stefan;
+}
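Review bot: The new `installPassword` option has no `description`, yet it is the one switch that flips this module's security posture: a non-empty value routes both root and `steveej` through `users.users.<name>.password`, the clear-text option NixOS documents as being stored in the world-readable Nix store, in place of the sops-managed `hashedPasswordFile` declarations that the same hunk gates on `cfg.installPassword == ""`. A description along the lines of `description = "Clear-text password for root (and steveej when enableNonRoot) on installer images; non-empty disables the sops-managed password hashes and the value lands in the Nix store.";` would make that trade-off visible where the option is declared. The `== ""` sentinel on a `types.str` also means a whitespace-only value is taken as a real password; `types.nullOr types.str` with `default = null` and `!= null` checks is the more conventional encoding. The enclosing `config = lib.mkIf cfg.enable (lib.mkMerge [ ... ]);` starts on the previous physical line of this hunk.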
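Review bot: The comment added above `config.common.default = "*";` reads as an unfinished sentence ("keep the behaviour in < 1.17, …, use the following:"), and since `"*"` delegates every portal interface to whichever implementation sorts first, a reader should be told that directly. Suggest replacing it with `# Keep the pre-1.17 portal behaviour: every interface is served by the first implementation found in lexicographical order.` The second hunk of this file only drops the `networkmanager.enable = false;` that the device configs now set themselves and raises nothing.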