feat: create modular user configurations
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
User Accounts: ✅ geir - Primary user (development, desktop, multimedia) ✅ sma - Admin user (Diziet Sma, system administration) ✅ common.nix - Shared user settings and security Key Features: 🔧 Culture character naming (sma = Diziet Sma, SC agent) 🔒 Security-focused admin account (SSH keys only, passwordless sudo) 🛠️ Development-focused primary user (containers, virtualization, creative tools) 📦 Modern CLI tools and shell enhancements 🎯 Role-based package selection and group memberships Security Model: - SSH key authentication for admin users - Separate admin and daily-use accounts - Principle of least privilege - No root login allowed Integration: - Container runtime access (podman, incus) - Virtualization management (libvirt, virt-manager) - Development workflow (git, editors, languages) - Desktop environments (GNOME, Cosmic, Sway) Ready for machine-specific deployment across home lab infrastructure.
This commit is contained in:
parent
3065832d75
commit
02fbaa761a
5 changed files with 99 additions and 18 deletions
0
modules/users/README.md
Normal file
0
modules/users/README.md
Normal file
0
modules/users/common.nix
Normal file
0
modules/users/common.nix
Normal file
|
@ -1,18 +1,37 @@
|
|||
{ config, pkgs, ... }: {
|
||||
# User configuration for geir
|
||||
# Primary User Configuration - geir
|
||||
# Main user account for development and desktop use
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
users.users.geir = {
|
||||
description = "Geir Okkenhaug Jerstad - Primary User";
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "networkmanager" "wheel" "libvirt" "incus-admin" "podman" ];
|
||||
|
||||
# User groups for development and desktop use
|
||||
extraGroups = [
|
||||
"wheel" # sudo access
|
||||
"networkmanager" # network management
|
||||
"libvirt" # virtualization
|
||||
"incus-admin" # container management
|
||||
"podman" # container runtime
|
||||
"audio" # audio devices
|
||||
"video" # video devices
|
||||
"render" # GPU access
|
||||
];
|
||||
|
||||
shell = pkgs.zsh;
|
||||
|
||||
# User-specific packages
|
||||
packages = with pkgs; [
|
||||
# Browsers
|
||||
# Browsers & Communication
|
||||
chromium
|
||||
vivaldi
|
||||
vivaldi-ffmpeg-codecs
|
||||
nyxt
|
||||
firefox
|
||||
vesktop
|
||||
|
||||
# Terminal and shell tools
|
||||
# Terminal & Shell Enhancement
|
||||
starship
|
||||
fastfetch
|
||||
hyfetch
|
||||
|
@ -20,25 +39,85 @@
|
|||
zellij
|
||||
neo-cowsay
|
||||
fortune
|
||||
clolcat
|
||||
lolcat
|
||||
|
||||
# Audio and system control
|
||||
# Audio & System Control
|
||||
ncpamixer
|
||||
pavucontrol
|
||||
|
||||
# Desktop applications
|
||||
# Creative & Productivity
|
||||
gimp
|
||||
obs-studio
|
||||
vesktop
|
||||
koodo-reader
|
||||
libreoffice
|
||||
|
||||
# System management
|
||||
# Development & System Management
|
||||
virt-manager
|
||||
gnome-tweaks
|
||||
|
||||
# Themes & Appearance
|
||||
beauty-line-icon-theme
|
||||
|
||||
# Emacs integration
|
||||
# Emacs Integration
|
||||
emacsPackages.vterm
|
||||
|
||||
# Media & Entertainment
|
||||
vlc
|
||||
mpv
|
||||
|
||||
# File Management
|
||||
nautilus
|
||||
file-roller
|
||||
|
||||
# Text Editors (alternatives to Emacs)
|
||||
neovim
|
||||
vscode
|
||||
|
||||
# Development Tools
|
||||
git-credential-manager
|
||||
github-cli
|
||||
|
||||
# Containers & Cloud
|
||||
podman-compose
|
||||
podman-desktop
|
||||
];
|
||||
};
|
||||
|
||||
# User-specific services and configurations
|
||||
|
||||
# Enable automatic login for primary user (optional, can be disabled for security)
|
||||
# services.xserver.displayManager.autoLogin = {
|
||||
# enable = true;
|
||||
# user = "geir";
|
||||
# };
|
||||
|
||||
# User-specific environment variables
|
||||
environment.sessionVariables = {
|
||||
# Development preferences
|
||||
EDITOR = "emacs";
|
||||
BROWSER = "firefox";
|
||||
TERMINAL = "alacritty";
|
||||
|
||||
# Git configuration
|
||||
GIT_EDITOR = "emacs";
|
||||
};
|
||||
|
||||
# Geir-specific shell configuration
|
||||
programs.zsh.shellAliases = {
|
||||
# Development workflow
|
||||
"lab" = "cd /home/geir/Home-lab";
|
||||
"configs" = "cd /home/geir/Home-lab/user_configs/geir";
|
||||
"emacs-config" = "emacs /home/geir/Home-lab/user_configs/geir/emacs.org";
|
||||
|
||||
# Quick system management
|
||||
"rebuild-test" = "sudo nixos-rebuild test --flake /home/geir/Home-lab";
|
||||
"rebuild" = "sudo nixos-rebuild switch --flake /home/geir/Home-lab";
|
||||
|
||||
# Container shortcuts
|
||||
"pdm" = "podman";
|
||||
"pdc" = "podman-compose";
|
||||
|
||||
# Media shortcuts
|
||||
"youtube-dl" = "yt-dlp";
|
||||
};
|
||||
}
|
0
modules/users/sma.nix
Normal file
0
modules/users/sma.nix
Normal file
8
plan.md
8
plan.md
|
@ -312,9 +312,11 @@ Home-lab/
|
|||
- **Infrastructure**: Container-focused (Podman), PostgreSQL database
|
||||
- **Integration**: Central Git hosting for all home lab projects
|
||||
- [ ] Plan for additional users across machines:
|
||||
- Service accounts for automation
|
||||
- Admin accounts for management
|
||||
- Guest accounts for temporary access
|
||||
- [x] **geir** - Primary user (development, desktop, daily use)
|
||||
- [x] **sma** - Admin user (Diziet Sma, system administration, security oversight)
|
||||
- [ ] Service accounts for automation (forgejo-admin, backup-agent)
|
||||
- [ ] Guest accounts for temporary access
|
||||
- [x] Culture character naming convention established
|
||||
- [ ] Network infrastructure planning
|
||||
- [ ] Consider hardware requirements for future expansion
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue