feat: create modular user configurations

∙
∙ User Accounts:
∙ ✅ geir - Primary user (development, desktop, multimedia)
∙ ✅ sma - Admin user (Diziet Sma, system administration)
∙ ✅ common.nix - Shared user settings and security
∙
∙ Key Features:
∙ 🔧 Culture character naming (sma = Diziet Sma, SC agent)
∙ 🔒 Security-focused admin account (SSH keys only, passwordless sudo)
∙ 🛠<fe0f> Development-focused primary user (containers, virtualization, creative tools)
∙ 📦 Modern CLI tools and shell enhancements
∙ 🎯 Role-based package selection and group memberships
∙
∙ Security Model:
∙ - SSH key authentication for admin users
∙ - Separate admin and daily-use accounts
∙ - Principle of least privilege
∙ - No root login allowed
∙
∙ Integration:
∙ - Container runtime access (podman, incus)
∙ - Virtualization management (libvirt, virt-manager)
∙ - Development workflow (git, editors, languages)
∙ - Desktop environments (GNOME, Cosmic, Sway)
∙
∙ Ready for machine-specific deployment across home lab infrastructure.

modules/users/README.md

@@ -0,0 +1,114 @@
+# User Configurations
+
+This directory contains modular user configurations for the home lab infrastructure.
+
+## Philosophy
+
+Following the Culture ship naming convention and Emacs org-mode literate programming approach, user configurations are organized to be:
+
+- **Modular**: Each user has their own configuration module
+- **Shared**: Common settings are in `common.nix`
+- **Character-driven**: User names follow Culture character names
+- **Functional**: Focus on practical daily use and system administration
+
+## User Accounts
+
+### Primary Users
+
+#### `geir` - Primary User Account
+- **Role**: Development, desktop use, daily computing
+- **Access**: Full desktop environments (GNOME, Cosmic, Sway)
+- **Focus**: Development tools, creative applications, multimedia
+- **Groups**: wheel, networkmanager, libvirt, incus-admin, podman, audio, video, render
+
+#### `sma` - System Administrator  
+- **Full Name**: Named after Diziet Sma (Special Circumstances agent)
+- **Role**: System administration, security oversight, maintenance
+- **Access**: SSH-only, command-line focused
+- **Focus**: Monitoring, containers, security, infrastructure management
+- **Groups**: wheel, networkmanager, libvirt, incus-admin, podman
+- **Security**: SSH key authentication only, passwordless sudo
+
+### Service Accounts (Future)
+- Consider adding service-specific users for:
+  - `forgejo-admin`: Forgejo administration
+  - `media-admin`: Jellyfin/media server management
+  - `backup-agent`: Automated backup operations
+
+## File Structure
+
+```
+modules/users/
+├── common.nix       # Shared user settings and packages
+├── geir.nix         # Primary user configuration
+├── sma.nix          # Admin user configuration
+└── README.md        # This documentation
+```
+
+## Design Principles
+
+### Security
+- SSH key-based authentication for admin users
+- Principle of least privilege
+- Separate admin and daily-use accounts
+- No root login allowed
+
+### Convenience
+- Modern CLI tools and aliases
+- Development-focused package selection
+- Shell enhancements (zsh, starship, syntax highlighting)
+- Container and virtualization integration
+
+### Consistency
+- Common aliases and environment variables
+- Shared shell configuration
+- Standardized directory permissions
+- Culture-inspired naming convention
+
+## Integration Points
+
+### With System Configuration
+- Desktop environment modules automatically enable GUI applications
+- Virtualization modules grant appropriate group memberships
+- Network modules configure user network access
+
+### With User Configs
+- Literate configurations stored in `/home/geir/Home-lab/user_configs/`
+- Emacs org-mode files for complex configurations
+- Automatic tangling of configuration files
+- Version control integration
+
+### With Services
+- User accounts automatically configured for enabled services
+- Container runtime access for development users
+- Monitoring and administration access for admin users
+
+## Usage Examples
+
+### Adding a New User
+1. Create new module file: `modules/users/new-username.nix`
+2. Choose appropriate Culture character name
+3. Define role-specific packages and groups
+4. Import in machine configuration
+5. Document in this README
+
+### Modifying User Access
+- Edit `extraGroups` for service access
+- Update `packages` for new tools
+- Modify shell aliases for workflow improvements
+- Adjust sudo rules for administrative access
+
+### Security Considerations
+- Regular audit of user accounts and permissions
+- SSH key rotation schedule
+- Monitor sudo usage and administrative actions
+- Review group memberships quarterly
+
+## Culture Character Reference
+
+- **Diziet Sma**: Pragmatic SC agent, perfect for system administration
+- **Cheradenine Zakalwe**: Complex SC agent, high-capability operations  
+- **Jernau Morat Gurgeh**: Strategic game player, systematic thinking
+- **Perosteck Balveda**: Professional SC agent, reliable operations
+
+Choose character names that reflect the user's role and personality within the home lab infrastructure.

modules/users/common.nix

@@ -0,0 +1,126 @@
+# Common User Configuration
+# Shared settings for all users in the home lab
+{ config, pkgs, ... }:
+
+{
+  # Common user settings
+  users = {
+    # Use mutable users for flexibility
+    mutableUsers = true;
+    
+    # Default shell for all users
+    defaultUserShell = pkgs.zsh;
+  };
+
+  # Enable zsh system-wide
+  programs.zsh = {
+    enable = true;
+    autosuggestions.enable = true;
+    syntaxHighlighting.enable = true;
+    
+    # Common aliases for all users
+    shellAliases = {
+      # Modern CLI tool replacements
+      "ls" = "eza --color=auto --group-directories-first";
+      "ll" = "eza -l --color=auto --group-directories-first";
+      "la" = "eza -la --color=auto --group-directories-first";
+      "tree" = "eza --tree";
+      
+      # Git shortcuts
+      "gs" = "git status";
+      "ga" = "git add";
+      "gc" = "git commit";
+      "gp" = "git push";
+      "gl" = "git log --oneline -10";
+      
+      # System shortcuts
+      "grep" = "rg";
+      "find" = "fd";
+      "cat" = "bat";
+      "top" = "btop";
+      
+      # Network
+      "ping" = "ping -c 5";
+      "myip" = "curl -s ifconfig.me";
+      
+      # Safety
+      "rm" = "rm -i";
+      "mv" = "mv -i";
+      "cp" = "cp -i";
+    };
+    
+    # Common environment variables
+    sessionVariables = {
+      EDITOR = "emacs";
+      BROWSER = "firefox";
+      TERMINAL = "alacritty";
+    };
+  };
+
+  # Common packages for all users
+  environment.systemPackages = with pkgs; [
+    # Essential CLI tools (already configured in base.nix)
+    # Adding user-specific tools here
+    
+    # Communication
+    firefox
+    thunderbird
+    
+    # Productivity
+    libreoffice
+    
+    # Development (basic)
+    git
+    curl
+    wget
+    
+    # Media
+    vlc
+    
+    # Utilities
+    file
+    unzip
+    zip
+  ];
+
+  # Common security settings
+  security = {
+    # Require password for sudo (can be overridden per user)
+    sudo.wheelNeedsPassword = true;
+    
+    # Polkit for desktop users
+    polkit.enable = true;
+  };
+
+  # Common services
+  services = {
+    # Enable SSH for remote management
+    openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false; # Key-based auth only
+        PermitRootLogin = "no";         # No root login
+        X11Forwarding = true;           # For GUI applications over SSH
+      };
+    };
+    
+    # Enable CUPS for printing
+    printing.enable = true;
+    
+    # Enable sound
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      pulse.enable = true;
+    };
+  };
+
+  # XDG portal for desktop integration
+  xdg.portal = {
+    enable = true;
+    extraPortals = with pkgs; [
+      xdg-desktop-portal-gtk
+      xdg-desktop-portal-gnome
+    ];
+  };
+}

modules/users/sma.nix

@@ -0,0 +1,134 @@
+# Admin User Configuration - sma
+# Named after Diziet Sma, pragmatic Special Circumstances agent
+# Role: System administration, security oversight, maintenance
+{ config, pkgs, ... }:
+
+{
+  users.users.sma = {
+    description = "Diziet Sma - System Administrator";
+    isNormalUser = true;
+    
+    # Admin privileges
+    extraGroups = [
+      "wheel"          # sudo access
+      "networkmanager" # network management
+      "libvirt"        # virtualization management
+      "incus-admin"    # container management
+      "podman"         # container runtime
+      "docker"         # docker compatibility (if needed)
+    ];
+
+    # Security-focused shell setup
+    shell = pkgs.zsh;
+    
+    # SSH key-based authentication only (no password login)
+    openssh.authorizedKeys.keys = [
+      # Add SSH public key here when ready
+      # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5... sma@home-lab"
+    ];
+
+    # Essential admin packages
+    packages = with pkgs; [
+      # System monitoring and diagnostics
+      htop
+      iotop
+      nethogs
+      lsof
+      strace
+      
+      # Network tools
+      nmap
+      tcpdump
+      wireshark-cli
+      curl
+      wget
+      
+      # File and disk utilities
+      tree
+      fd
+      ripgrep
+      fzf
+      ncdu
+      
+      # Text processing
+      jq
+      yq
+      
+      # Version control (for system configs)
+      git
+      
+      # Container management
+      podman-compose
+      
+      # Backup and sync
+      rsync
+      rclone
+      
+      # Security tools
+      age
+      sops
+      
+      # NixOS specific tools
+      nixos-rebuild
+      nix-tree
+      nix-diff
+    ];
+  };
+
+  # Admin-specific shell configuration
+  programs.zsh = {
+    enable = true;
+    autosuggestions.enable = true;
+    syntaxHighlighting.enable = true;
+    
+    # Admin-focused aliases
+    shellAliases = {
+      # System management
+      "rebuild" = "sudo nixos-rebuild switch --flake /home/geir/Home-lab";
+      "rebuild-test" = "sudo nixos-rebuild test --flake /home/geir/Home-lab";
+      "rebuild-boot" = "sudo nixos-rebuild boot --flake /home/geir/Home-lab";
+      
+      # Container management
+      "pods" = "podman ps -a";
+      "images" = "podman images";
+      "logs" = "podman logs";
+      
+      # System monitoring
+      "disk-usage" = "df -h";
+      "mem-usage" = "free -h";
+      "processes" = "ps aux | head -20";
+      
+      # Network
+      "ports" = "ss -tulpn";
+      "connections" = "ss -tuln";
+      
+      # Git for infrastructure
+      "lab" = "cd /home/geir/Home-lab";
+      "lab-status" = "cd /home/geir/Home-lab && git status";
+      "lab-pull" = "cd /home/geir/Home-lab && git pull";
+      
+      # Security
+      "audit-users" = "cat /etc/passwd | grep -E '/bin/(bash|zsh|fish)'";
+      "audit-sudo" = "cat /etc/sudoers.d/*";
+    };
+  };
+
+  # Sudo configuration for admin user
+  security.sudo.extraRules = [
+    {
+      users = [ "sma" ];
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ]; # Allow passwordless sudo for admin tasks
+        }
+      ];
+    }
+  ];
+
+  # Admin user home directory permissions
+  systemd.tmpfiles.rules = [
+    "d /home/sma 0755 sma users -"
+    "d /home/sma/.ssh 0700 sma users -"
+  ];
+}

user_configs/geir/emacs.org

@@ -6,6 +6,7 @@
 
 
 * About
+
 My attempt at a litterate configuration for Emacs.
 to tangle this file.
 keyboard shortcut `C-c C-v t` (org-babel-tangle) in Emacs.
@@ -13,8 +14,6 @@ This will generate the `~/.emacs.d/init.el` file with the configuration.
 
 * Prep  
 
-
-
 * Configuration
 
 ** Setup lexical binding
@@ -57,7 +56,7 @@ Here we set up the UI to our liking. We disable the menu bar, tool bar, and scro
 
 Set up package management
 
-#+BEGIN_SRC
+#+BEGIN_SRC emacs-lisp
 ;; Initialize package sources
 (require 'package)
 
@@ -71,6 +70,7 @@ Set up package management
 (unless package-archive-contents
   (package-refresh-contents))
 #+END_SRC
+
 Set up doom modeline, which is a nice status line for Emacs. We set it up to show the current buffer name and the current line number.
 
 #+BEGIN_SRC emacs-lisp
@@ -188,21 +188,12 @@ Copilot Chat
 ** Language support
 Here we install and configure support for various programming languages. We use the `use-package` macro to ensure that the packages are installed and configured correctly.
 
-** NixOS from Emacs
+** NixOS from Emacs ?
-Editing Nix files and doing NixOS admin stuff like nixos-rebuild boot --upgrade
+maybe we want to make this useful
-Run the commands with M-x shell-command
+
 
 #+BEGIN_SRC emacs-lisp 
-;; NixOS commands   
-(defun nixos-upgrade ()
-  "Run 'nixos-rebuild boot --upgrade' in a shell."
-  (interactive)
-  (shell-command "nixos-rebuild boot --upgrade"))
 
-(defun nixos-switch ()
-  "Run 'nixos-rebuild switch' in a shell."
-  (interactive)
-  (shell-command "nixos-rebuild switch"))
 #+END_SRC