feat: create modular user configurations

User Accounts:
 geir - Primary user (development, desktop, multimedia)
 sma - Admin user (Diziet Sma, system administration)
 common.nix - Shared user settings and security

Key Features:
🔧 Culture character naming (sma = Diziet Sma, SC agent)
🔒 Security-focused admin account (SSH keys only, passwordless sudo)
🛠️ Development-focused primary user (containers, virtualization, creative tools)
📦 Modern CLI tools and shell enhancements
🎯 Role-based package selection and group memberships

Security Model:
- SSH key authentication for admin users
- Separate admin and daily-use accounts
- Principle of least privilege
- No root login allowed

Integration:
- Container runtime access (podman, incus)
- Virtualization management (libvirt, virt-manager)
- Development workflow (git, editors, languages)
- Desktop environments (GNOME, Cosmic, Sway)

Ready for machine-specific deployment across home lab infrastructure.
Geir Okkenhaug Jerstad 2025-06-04 16:54:47 +02:00
parent 3065832d75
commit 02fbaa761a
5 changed files with 99 additions and 18 deletions

0
modules/users/README.md Normal file

0
modules/users/common.nix Normal file

@ -1,18 +1,37 @@
{ config, pkgs, ... }: {
# User configuration for geir
# Primary User Configuration - geir
# Main user account for development and desktop use
{ config, pkgs, ... }:
{
users.users.geir = {
description = "Geir Okkenhaug Jerstad - Primary User";
isNormalUser = true;
extraGroups = [ "networkmanager" "wheel" "libvirt" "incus-admin" "podman" ];
# User groups for development and desktop use
extraGroups = [
"wheel" # sudo access
"networkmanager" # network management
"libvirt" # virtualization
"incus-admin" # container management
"podman" # container runtime
"audio" # audio devices
"video" # video devices
"render" # GPU access
];
shell = pkgs.zsh;
# User-specific packages
packages = with pkgs; [
# Browsers
# Browsers & Communication
chromium
vivaldi
vivaldi-ffmpeg-codecs
nyxt
firefox
vesktop
# Terminal and shell tools
# Terminal & Shell Enhancement
starship
fastfetch
hyfetch
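Review bot: In the new extraGroups list, `"wheel" # sudo access` stays on geir, while the commit message describes geir as the daily-use account kept separate from the admin account sma under least privilege. Consider dropping "wheel" from this list and leaving sudo to sma. "incus-admin" and "libvirt" are management groups as well, so if they must stay, extend their comments to say why the primary user needs them rather than only what they control.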
@ -20,25 +39,85 @@
zellij
neo-cowsay
fortune
clolcat
lolcat
# Audio and system control
# Audio & System Control
ncpamixer
pavucontrol
# Desktop applications
# Creative & Productivity
gimp
obs-studio
vesktop
koodo-reader
libreoffice
# System management
# Development & System Management
virt-manager
gnome-tweaks
# Themes & Appearance
beauty-line-icon-theme
# Emacs integration
# Emacs Integration
emacsPackages.vterm
# Media & Entertainment
vlc
mpv
# File Management
nautilus
file-roller
# Text Editors (alternatives to Emacs)
neovim
vscode
# Development Tools
git-credential-manager
github-cli
# Containers & Cloud
podman-compose
podman-desktop
];
};
# User-specific services and configurations
# Enable automatic login for primary user (optional, can be disabled for security)
# services.xserver.displayManager.autoLogin = {
# enable = true;
# user = "geir";
# };
# User-specific environment variables
environment.sessionVariables = {
# Development preferences
EDITOR = "emacs";
BROWSER = "firefox";
TERMINAL = "alacritty";
# Git configuration
GIT_EDITOR = "emacs";
};
# Geir-specific shell configuration
programs.zsh.shellAliases = {
# Development workflow
"lab" = "cd /home/geir/Home-lab";
"configs" = "cd /home/geir/Home-lab/user_configs/geir";
"emacs-config" = "emacs /home/geir/Home-lab/user_configs/geir/emacs.org";
# Quick system management
"rebuild-test" = "sudo nixos-rebuild test --flake /home/geir/Home-lab";
"rebuild" = "sudo nixos-rebuild switch --flake /home/geir/Home-lab";
# Container shortcuts
"pdm" = "podman";
"pdc" = "podman-compose";
# Media shortcuts
"youtube-dl" = "yt-dlp";
};
}
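Review bot: The `environment.sessionVariables` and `programs.zsh.shellAliases` blocks at the end of this hunk are commented as "User-specific" and "Geir-specific", but both are system-wide NixOS options, so every account on the machine, sma included, receives EDITOR, BROWSER and the aliases with hard-coded /home/geir paths. Move them into geir's own shell configuration, or relabel the comments so the scope is clear. The "rebuild" and "rebuild-test" aliases also run `sudo nixos-rebuild` against a flake under /home/geir/Home-lab, so the contents of the daily-use account's home directory decide what is built as root; point them at a checkout that account cannot modify, or document this as an accepted risk.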

0
modules/users/sma.nix Normal file

@ -312,9 +312,11 @@ Home-lab/
- **Infrastructure**: Container-focused (Podman), PostgreSQL database
- **Integration**: Central Git hosting for all home lab projects
- [ ] Plan for additional users across machines:
- Service accounts for automation
- Admin accounts for management
- Guest accounts for temporary access
- [x] **geir** - Primary user (development, desktop, daily use)
- [x] **sma** - Admin user (Diziet Sma, system administration, security oversight)
- [ ] Service accounts for automation (forgejo-admin, backup-agent)
- [ ] Guest accounts for temporary access
- [x] Culture character naming convention established
- [ ] Network infrastructure planning
- [ ] Consider hardware requirements for future expansion
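Review bot: The line `- [x] **sma** - Admin user (Diziet Sma, system administration, security oversight)` marks the admin account as done, but modules/users/sma.nix is listed in this commit with 0 changed lines, so nothing shown here defines that user or the SSH-key-only policy the commit message describes. Leave the box unchecked until the module has content, or reword the item to say the account is planned. The service account names on the next item (forgejo-admin, backup-agent) also do not follow the Culture naming convention ticked off two lines later; state whether the convention covers human accounts only.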