feat: create modular user configurations
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
User Accounts:
✅ geir - Primary user (development, desktop, multimedia)
✅ sma - Admin user (Diziet Sma, system administration)
✅ common.nix - Shared user settings and security

Key Features:
🔧 Culture character naming (sma = Diziet Sma, SC agent)
🔒 Security-focused admin account (SSH keys only, passwordless sudo)
🛠️ Development-focused primary user (containers, virtualization, creative tools)
📦 Modern CLI tools and shell enhancements
🎯 Role-based package selection and group memberships

Security Model:
- SSH key authentication for admin users
- Separate admin and daily-use accounts
- Principle of least privilege
- No root login allowed

Integration:
- Container runtime access (podman, incus)
- Virtualization management (libvirt, virt-manager)
- Development workflow (git, editors, languages)
- Desktop environments (GNOME, Cosmic, Sway)

Ready for machine-specific deployment across home lab infrastructure.
This commit is contained in:
parent 3065832d75
commit 02fbaa761a
5 changed files with 99 additions and 18 deletions
0
modules/users/README.md
Normal file
0
modules/users/common.nix
Normal file
|
@ -1,18 +1,37 @@
|
||||||
{ config, pkgs, ... }: {
|
# Primary User Configuration - geir
|
||||||
# User configuration for geir
|
# Main user account for development and desktop use
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
users.users.geir = {
|
users.users.geir = {
|
||||||
|
description = "Geir Okkenhaug Jerstad - Primary User";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "networkmanager" "wheel" "libvirt" "incus-admin" "podman" ];
|
|
||||||
|
# User groups for development and desktop use
|
||||||
|
extraGroups = [
|
||||||
|
"wheel" # sudo access
|
||||||
|
"networkmanager" # network management
|
||||||
|
"libvirt" # virtualization
|
||||||
|
"incus-admin" # container management
|
||||||
|
"podman" # container runtime
|
||||||
|
"audio" # audio devices
|
||||||
|
"video" # video devices
|
||||||
|
"render" # GPU access
|
||||||
|
];
|
||||||
|
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
|
|
||||||
|
# User-specific packages
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
# Browsers
|
# Browsers & Communication
|
||||||
chromium
|
chromium
|
||||||
vivaldi
|
vivaldi
|
||||||
vivaldi-ffmpeg-codecs
|
vivaldi-ffmpeg-codecs
|
||||||
nyxt
|
nyxt
|
||||||
firefox
|
firefox
|
||||||
|
vesktop
|
||||||
# Terminal and shell tools
|
|
||||||
|
# Terminal & Shell Enhancement
|
||||||
starship
|
starship
|
||||||
fastfetch
|
fastfetch
|
||||||
hyfetch
|
hyfetch
|
||||||
|
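Review bot: In the new extraGroups list, geir keeps "wheel" and "incus-admin" (with "libvirt" alongside), so the daily-use account still has sudo and full control of the Incus daemon, which is at odds with the commit message's "Separate admin and daily-use accounts" and "Principle of least privilege". Consider dropping "wheel" and "incus-admin" here and doing privileged work as sma, or add a comment explaining why the primary user needs them. The per-group comments are a good addition, but "incus-admin" # container management understates it: membership in that group is effectively root on the host and the comment should say so.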
@ -20,25 +39,85 @@
|
||||||
zellij
|
zellij
|
||||||
neo-cowsay
|
neo-cowsay
|
||||||
fortune
|
fortune
|
||||||
clolcat
|
lolcat
|
||||||
|
|
||||||
# Audio and system control
|
# Audio & System Control
|
||||||
ncpamixer
|
ncpamixer
|
||||||
pavucontrol
|
pavucontrol
|
||||||
|
|
||||||
# Desktop applications
|
# Creative & Productivity
|
||||||
gimp
|
gimp
|
||||||
obs-studio
|
obs-studio
|
||||||
vesktop
|
|
||||||
koodo-reader
|
koodo-reader
|
||||||
|
libreoffice
|
||||||
|
|
||||||
# System management
|
# Development & System Management
|
||||||
virt-manager
|
virt-manager
|
||||||
gnome-tweaks
|
gnome-tweaks
|
||||||
|
|
||||||
|
# Themes & Appearance
|
||||||
beauty-line-icon-theme
|
beauty-line-icon-theme
|
||||||
|
|
||||||
# Emacs integration
|
# Emacs Integration
|
||||||
emacsPackages.vterm
|
emacsPackages.vterm
|
||||||
|
|
||||||
|
# Media & Entertainment
|
||||||
|
vlc
|
||||||
|
mpv
|
||||||
|
|
||||||
|
# File Management
|
||||||
|
nautilus
|
||||||
|
file-roller
|
||||||
|
|
||||||
|
# Text Editors (alternatives to Emacs)
|
||||||
|
neovim
|
||||||
|
vscode
|
||||||
|
|
||||||
|
# Development Tools
|
||||||
|
git-credential-manager
|
||||||
|
github-cli
|
||||||
|
|
||||||
|
# Containers & Cloud
|
||||||
|
podman-compose
|
||||||
|
podman-desktop
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# User-specific services and configurations
|
||||||
|
|
||||||
|
# Enable automatic login for primary user (optional, can be disabled for security)
|
||||||
|
# services.xserver.displayManager.autoLogin = {
|
||||||
|
# enable = true;
|
||||||
|
# user = "geir";
|
||||||
|
# };
|
||||||
|
|
||||||
|
# User-specific environment variables
|
||||||
|
environment.sessionVariables = {
|
||||||
|
# Development preferences
|
||||||
|
EDITOR = "emacs";
|
||||||
|
BROWSER = "firefox";
|
||||||
|
TERMINAL = "alacritty";
|
||||||
|
|
||||||
|
# Git configuration
|
||||||
|
GIT_EDITOR = "emacs";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Geir-specific shell configuration
|
||||||
|
programs.zsh.shellAliases = {
|
||||||
|
# Development workflow
|
||||||
|
"lab" = "cd /home/geir/Home-lab";
|
||||||
|
"configs" = "cd /home/geir/Home-lab/user_configs/geir";
|
||||||
|
"emacs-config" = "emacs /home/geir/Home-lab/user_configs/geir/emacs.org";
|
||||||
|
|
||||||
|
# Quick system management
|
||||||
|
"rebuild-test" = "sudo nixos-rebuild test --flake /home/geir/Home-lab";
|
||||||
|
"rebuild" = "sudo nixos-rebuild switch --flake /home/geir/Home-lab";
|
||||||
|
|
||||||
|
# Container shortcuts
|
||||||
|
"pdm" = "podman";
|
||||||
|
"pdc" = "podman-compose";
|
||||||
|
|
||||||
|
# Media shortcuts
|
||||||
|
"youtube-dl" = "yt-dlp";
|
||||||
|
};
|
||||||
}
|
}
|
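Review bot: The blocks commented "User-specific environment variables" and "Geir-specific shell configuration" set environment.sessionVariables and programs.zsh.shellAliases, which are system-wide NixOS options, so EDITOR, BROWSER, the /home/geir/Home-lab aliases and the sudo nixos-rebuild shortcuts will apply to every account on the machine, including sma. Move them to a per-user mechanism (for example geir's own zsh config under user_configs/geir) or, if they are meant to be shared, into common.nix, and correct the comments to match. It is also worth confirming that alacritty and yt-dlp are installed somewhere, since TERMINAL = "alacritty" and "youtube-dl" = "yt-dlp" refer to packages that do not appear in the visible part of the package list.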
0
modules/users/sma.nix
Normal file
8
plan.md
|
@ -312,9 +312,11 @@ Home-lab/
|
||||||
- **Infrastructure**: Container-focused (Podman), PostgreSQL database
|
- **Infrastructure**: Container-focused (Podman), PostgreSQL database
|
||||||
- **Integration**: Central Git hosting for all home lab projects
|
- **Integration**: Central Git hosting for all home lab projects
|
||||||
- [ ] Plan for additional users across machines:
|
- [ ] Plan for additional users across machines:
|
||||||
- Service accounts for automation
|
- [x] **geir** - Primary user (development, desktop, daily use)
|
||||||
- Admin accounts for management
|
- [x] **sma** - Admin user (Diziet Sma, system administration, security oversight)
|
||||||
- Guest accounts for temporary access
|
- [ ] Service accounts for automation (forgejo-admin, backup-agent)
|
||||||
|
- [ ] Guest accounts for temporary access
|
||||||
|
- [x] Culture character naming convention established
|
||||||
- [ ] Network infrastructure planning
|
- [ ] Network infrastructure planning
|
||||||
- [ ] Consider hardware requirements for future expansion
|
- [ ] Consider hardware requirements for future expansion
|
||||||
|
|
||||||
|
|
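Review bot: The new "Service accounts for automation (forgejo-admin, backup-agent)" item sits directly above "Culture character naming convention established" being ticked, yet neither service account name follows that convention; state in the plan whether the convention covers only human accounts. Since the sma line now mentions "security oversight", this list is also the natural place to record the intended privileges of each account (for the service accounts: system user, no login shell, no wheel), which the plan currently leaves unstated.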