geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: create modular user configurations
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
Details
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
Details
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
Details

Browse source 
∙
∙ User Accounts:
∙  geir - Primary user (development, desktop, multimedia)
∙  sma - Admin user (Diziet Sma, system administration)
∙  common.nix - Shared user settings and security
∙
∙ Key Features:
∙ 🔧 Culture character naming (sma = Diziet Sma, SC agent)
∙ 🔒 Security-focused admin account (SSH keys only, passwordless sudo)
∙ 🛠<fe0f> Development-focused primary user (containers, virtualization, creative tools)
∙ 📦 Modern CLI tools and shell enhancements
∙ 🎯 Role-based package selection and group memberships
∙
∙ Security Model:
∙ - SSH key authentication for admin users
∙ - Separate admin and daily-use accounts
∙ - Principle of least privilege
∙ - No root login allowed
∙
∙ Integration:
∙ - Container runtime access (podman, incus)
∙ - Virtualization management (libvirt, virt-manager)
∙ - Development workflow (git, editors, languages)
∙ - Desktop environments (GNOME, Cosmic, Sway)
∙
∙ Ready for machine-specific deployment across home lab infrastructure.
This commit is contained in:
Geir Okkenhaug Jerstad 2025-06-04 16:56:22 +02:00
parent 02fbaa761a
commit ec9efc5ca1
4 changed files with 380 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

114
modules/users/README.md
View file

@ -0,0 +1,114 @@
# User Configurations
This directory contains modular user configurations for the home lab infrastructure.
## Philosophy
Following the Culture ship naming convention and Emacs org-mode literate programming approach, user configurations are organized to be:
- **Modular**: Each user has their own configuration module
- **Shared**: Common settings are in `common.nix`
- **Character-driven**: User names follow Culture character names
- **Functional**: Focus on practical daily use and system administration
## User Accounts
### Primary Users
#### `geir` - Primary User Account
- **Role**: Development, desktop use, daily computing
- **Access**: Full desktop environments (GNOME, Cosmic, Sway)
- **Focus**: Development tools, creative applications, multimedia
- **Groups**: wheel, networkmanager, libvirt, incus-admin, podman, audio, video, render
#### `sma` - System Administrator
- **Full Name**: Named after Diziet Sma (Special Circumstances agent)
- **Role**: System administration, security oversight, maintenance
- **Access**: SSH-only, command-line focused
- **Focus**: Monitoring, containers, security, infrastructure management
- **Groups**: wheel, networkmanager, libvirt, incus-admin, podman
- **Security**: SSH key authentication only, passwordless sudo
### Service Accounts (Future)
- Consider adding service-specific users for:
- `forgejo-admin`: Forgejo administration
- `media-admin`: Jellyfin/media server management
- `backup-agent`: Automated backup operations
## File Structure
```
modules/users/
├── common.nix # Shared user settings and packages
├── geir.nix # Primary user configuration
├── sma.nix # Admin user configuration
└── README.md # This documentation
```
## Design Principles
### Security
- SSH key-based authentication for admin users
- Principle of least privilege
- Separate admin and daily-use accounts
- No root login allowed
### Convenience
- Modern CLI tools and aliases
- Development-focused package selection
- Shell enhancements (zsh, starship, syntax highlighting)
- Container and virtualization integration
### Consistency
- Common aliases and environment variables
- Shared shell configuration
- Standardized directory permissions
- Culture-inspired naming convention
## Integration Points
### With System Configuration
- Desktop environment modules automatically enable GUI applications
- Virtualization modules grant appropriate group memberships
- Network modules configure user network access
### With User Configs
- Literate configurations stored in `/home/geir/Home-lab/user_configs/`
- Emacs org-mode files for complex configurations
- Automatic tangling of configuration files
- Version control integration
### With Services
- User accounts automatically configured for enabled services
- Container runtime access for development users
- Monitoring and administration access for admin users
## Usage Examples
### Adding a New User
1. Create new module file: `modules/users/new-username.nix`
2. Choose appropriate Culture character name
3. Define role-specific packages and groups
4. Import in machine configuration
5. Document in this README
### Modifying User Access
- Edit `extraGroups` for service access
- Update `packages` for new tools
- Modify shell aliases for workflow improvements
- Adjust sudo rules for administrative access
### Security Considerations
- Regular audit of user accounts and permissions
- SSH key rotation schedule
- Monitor sudo usage and administrative actions
- Review group memberships quarterly
## Culture Character Reference
- **Diziet Sma**: Pragmatic SC agent, perfect for system administration
- **Cheradenine Zakalwe**: Complex SC agent, high-capability operations
- **Jernau Morat Gurgeh**: Strategic game player, systematic thinking
- **Perosteck Balveda**: Professional SC agent, reliable operations
Choose character names that reflect the user's role and personality within the home lab infrastructure.