From 2276dd59cd1a193712d87a6eaf210d15b86dc90e Mon Sep 17 00:00:00 2001 From: Geir Okkenhaug Jerstad Date: Wed, 11 Jun 2025 09:21:19 +0200 Subject: [PATCH] added starship to sma user --- modules/users/sma.nix | 73 +++++++++++++++++++++++++++---------------- 1 file changed, 46 insertions(+), 27 deletions(-) diff --git a/modules/users/sma.nix b/modules/users/sma.nix index f18fe35..ed9f355 100644 --- a/modules/users/sma.nix +++ b/modules/users/sma.nix @@ -1,28 +1,30 @@ # Admin User Configuration - sma # Named after Diziet Sma, pragmatic Special Circumstances agent # Role: System administration, security oversight, maintenance -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { users.users.sma = { description = "Diziet Sma - System Administrator"; isNormalUser = true; - uid = 1001; # Fixed UID for consistency across machines - group = "sma"; # Primary group - + uid = 1001; # Fixed UID for consistency across machines + group = "sma"; # Primary group + # Admin privileges extraGroups = [ - "wheel" # sudo access + "wheel" # sudo access "networkmanager" # network management - "libvirt" # virtualization management - "incus-admin" # container management - "podman" # container runtime - "docker" # docker compatibility (if needed) + "libvirt" # virtualization management + "incus-admin" # container management + "podman" # container runtime + "docker" # docker compatibility (if needed) ]; # Security-focused shell setup shell = pkgs.zsh; - + # SSH key-based authentication only (no password login) openssh.authorizedKeys.keys = [ # Admin key for server administration 
@@ -34,28 +36,28 @@ # System monitoring and diagnostics (htop, lsof, strace moved to base.nix) iotop nethogs - + # Network tools (nmap moved to base.nix) tcpdump wireshark-cli - + # File and disk utilities (tree, fd, ripgrep, fzf, ncdu moved to base.nix) - + # Text processing (jq, yq moved to base.nix) - + # Version control (git moved to base.nix) - + # Container management podman-compose - + # Backup and sync rsync rclone - + # Security tools age sops - + # NixOS specific tools nixos-rebuild nix-tree @@ -68,7 +70,7 @@ enable = true; autosuggestions.enable = true; syntaxHighlighting.enable = true; - + # Admin-focused aliases shellAliases = { # System management (use current system configuration) 
@@ -78,35 +80,52 @@ "rebuild-flake" = "cd /tmp/home-lab-config && sudo nixos-rebuild switch --flake ."; "rebuild-flake-test" = "cd /tmp/home-lab-config && sudo nixos-rebuild test --flake ."; "rebuild-flake-boot" = "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake ."; - + # Container management "pods" = "podman ps -a"; "images" = "podman images"; "logs" = "podman logs"; - + # System monitoring "disk-usage" = "df -h"; "mem-usage" = "free -h"; "processes" = "ps aux | head -20"; - + # Network "ports" = "ss -tulpn"; "connections" = "ss -tuln"; - + # Security "audit-users" = "cat /etc/passwd | grep -E '/bin/(bash|zsh|fish)'"; "audit-sudo" = "cat /etc/sudoers.d/*"; }; + interactiveShellInit = '' + # Emacs-style keybindings + bindkey -e + + # Disable annoying shell options + unsetopt beep nomatch + + # Completion configuration + zstyle ':completion:*' completer _expand _complete _ignored + zstyle ':completion:*' matcher-list "" + autoload -Uz compinit + compinit + + # Initialize shell enhancements + eval "$(starship init zsh)" + eval "$(direnv hook zsh)" + ''; }; # Sudo configuration for admin user security.sudo.extraRules = [ { - users = [ "sma" ]; + users = ["sma"]; commands = [ { command = "ALL"; - options = [ "NOPASSWD" ]; # Allow passwordless sudo for admin tasks + options = ["NOPASSWD"]; # Allow passwordless sudo for admin tasks } ]; } @@ -120,6 +139,6 @@ # Create the sma group users.groups.sma = { - gid = 992; # Fixed GID for consistency across machines + gid = 992; # Fixed GID for consistency across machines }; }
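Review bot: The two `eval` lines added to `interactiveShellInit` resolve `starship` and `direnv` through `PATH`, and no hunk in this patch adds either package, so a host that lacks them prints a command-not-found error on every interactive shell. Referencing the store paths makes the dependency explicit and pins the binary whose output is evaluated: `eval "$(${pkgs.starship}/bin/starship init zsh)"` and `eval "$(${pkgs.direnv}/bin/direnv hook zsh)"`. The attribute set holding this init block opens outside the hunk; if it is the system-wide `programs.zsh` module, the snippet runs for every zsh user rather than only sma, which does not match the commit subject. The unchanged `rebuild-flake*` aliases in the same hunk run `sudo nixos-rebuild` from `/tmp/home-lab-config`, a predictable path in a world-writable directory, so a checkout location owned by the admin user would be safer for an account with passwordless sudo.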