added starship to sma user

Geir Okkenhaug Jerstad 2025-06-11 09:21:19 +02:00
parent 2a25c42063
commit 2276dd59cd


@ -1,28 +1,30 @@
# Admin User Configuration - sma # Admin User Configuration - sma
# Named after Diziet Sma, pragmatic Special Circumstances agent # Named after Diziet Sma, pragmatic Special Circumstances agent
# Role: System administration, security oversight, maintenance # Role: System administration, security oversight, maintenance
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
users.users.sma = { users.users.sma = {
description = "Diziet Sma - System Administrator"; description = "Diziet Sma - System Administrator";
isNormalUser = true; isNormalUser = true;
uid = 1001; # Fixed UID for consistency across machines uid = 1001; # Fixed UID for consistency across machines
group = "sma"; # Primary group group = "sma"; # Primary group
# Admin privileges # Admin privileges
extraGroups = [ extraGroups = [
"wheel" # sudo access "wheel" # sudo access
"networkmanager" # network management "networkmanager" # network management
"libvirt" # virtualization management "libvirt" # virtualization management
"incus-admin" # container management "incus-admin" # container management
"podman" # container runtime "podman" # container runtime
"docker" # docker compatibility (if needed) "docker" # docker compatibility (if needed)
]; ];
# Security-focused shell setup # Security-focused shell setup
shell = pkgs.zsh; shell = pkgs.zsh;
# SSH key-based authentication only (no password login) # SSH key-based authentication only (no password login)
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# Admin key for server administration # Admin key for server administration
@ -34,28 +36,28 @@
# System monitoring and diagnostics (htop, lsof, strace moved to base.nix) # System monitoring and diagnostics (htop, lsof, strace moved to base.nix)
iotop iotop
nethogs nethogs
# Network tools (nmap moved to base.nix) # Network tools (nmap moved to base.nix)
tcpdump tcpdump
wireshark-cli wireshark-cli
# File and disk utilities (tree, fd, ripgrep, fzf, ncdu moved to base.nix) # File and disk utilities (tree, fd, ripgrep, fzf, ncdu moved to base.nix)
# Text processing (jq, yq moved to base.nix) # Text processing (jq, yq moved to base.nix)
# Version control (git moved to base.nix) # Version control (git moved to base.nix)
# Container management # Container management
podman-compose podman-compose
# Backup and sync # Backup and sync
rsync rsync
rclone rclone
# Security tools # Security tools
age age
sops sops
# NixOS specific tools # NixOS specific tools
nixos-rebuild nixos-rebuild
nix-tree nix-tree
@ -68,7 +70,7 @@
enable = true; enable = true;
autosuggestions.enable = true; autosuggestions.enable = true;
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
# Admin-focused aliases # Admin-focused aliases
shellAliases = { shellAliases = {
# System management (use current system configuration) # System management (use current system configuration)
@ -78,35 +80,52 @@
"rebuild-flake" = "cd /tmp/home-lab-config && sudo nixos-rebuild switch --flake ."; "rebuild-flake" = "cd /tmp/home-lab-config && sudo nixos-rebuild switch --flake .";
"rebuild-flake-test" = "cd /tmp/home-lab-config && sudo nixos-rebuild test --flake ."; "rebuild-flake-test" = "cd /tmp/home-lab-config && sudo nixos-rebuild test --flake .";
"rebuild-flake-boot" = "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake ."; "rebuild-flake-boot" = "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .";
# Container management # Container management
"pods" = "podman ps -a"; "pods" = "podman ps -a";
"images" = "podman images"; "images" = "podman images";
"logs" = "podman logs"; "logs" = "podman logs";
# System monitoring # System monitoring
"disk-usage" = "df -h"; "disk-usage" = "df -h";
"mem-usage" = "free -h"; "mem-usage" = "free -h";
"processes" = "ps aux | head -20"; "processes" = "ps aux | head -20";
# Network # Network
"ports" = "ss -tulpn"; "ports" = "ss -tulpn";
"connections" = "ss -tuln"; "connections" = "ss -tuln";
# Security # Security
"audit-users" = "cat /etc/passwd | grep -E '/bin/(bash|zsh|fish)'"; "audit-users" = "cat /etc/passwd | grep -E '/bin/(bash|zsh|fish)'";
"audit-sudo" = "cat /etc/sudoers.d/*"; "audit-sudo" = "cat /etc/sudoers.d/*";
}; };
interactiveShellInit = ''
# Emacs-style keybindings
bindkey -e
# Disable annoying shell options
unsetopt beep nomatch
# Completion configuration
zstyle ':completion:*' completer _expand _complete _ignored
zstyle ':completion:*' matcher-list ""
autoload -Uz compinit
compinit
# Initialize shell enhancements
eval "$(starship init zsh)"
eval "$(direnv hook zsh)"
'';
}; };
# Sudo configuration for admin user # Sudo configuration for admin user
security.sudo.extraRules = [ security.sudo.extraRules = [
{ {
users = [ "sma" ]; users = ["sma"];
commands = [ commands = [
{ {
command = "ALL"; command = "ALL";
options = [ "NOPASSWD" ]; # Allow passwordless sudo for admin tasks options = ["NOPASSWD"]; # Allow passwordless sudo for admin tasks
} }
]; ];
} }
@ -120,6 +139,6 @@
# Create the sma group # Create the sma group
users.groups.sma = { users.groups.sma = {
gid = 992; # Fixed GID for consistency across machines gid = 992; # Fixed GID for consistency across machines
}; };
} }
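Review bot: The two `eval` lines added in `interactiveShellInit` resolve `starship` and `direnv` through `$PATH` at every interactive shell start, and this account has `NOPASSWD` sudo for `ALL` in the `security.sudo.extraRules` entry of the same file. Since `pkgs` is already a module argument, pinning the store paths would make the evaluated output come from the declared packages regardless of PATH order: `eval "$(${pkgs.starship}/bin/starship init zsh)"` and `eval "$(${pkgs.direnv}/bin/direnv hook zsh)"`. Neither package appears in the part of the package list shown in this diff, so unless another module provides them the bare commands would fail with a command-not-found error at each shell start. The enclosing zsh block (presumably `programs.zsh`) starts outside the visible hunks.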