home-lab/modules/users/sma.nix
Geir Okkenhaug Jerstad 9f7c2640b5 feat: Complete deploy-rs integration with status monitoring
Completed Tasks:
- Task 6: Successfully tested deploy-rs on all machines (grey-area, reverse-proxy, congenital-optimist)
- Task 7: Added deploy-rs status monitoring to lab tool

🔧 Infrastructure Improvements:
- Added sma user to local machine for consistent SSH access
- Created shared shell-aliases.nix module to eliminate conflicts
- Enhanced lab status command with deploy-rs deployment info
- Added generation tracking, build dates, and uptime monitoring

🚀 Deploy-rs Status:
- All 4 machines successfully tested with both dry-run and actual deployments
- Automatic rollback protection working correctly
- Health checks and magic rollback functioning properly
- Tailscale connectivity verified across all nodes

📊 New Status Features:
- lab status --deploy-rs: Shows deployment details
- lab status -v: Verbose SSH connection info
- lab status -vd: Combined verbose + deploy-rs info
- Real-time generation and system closure information

The hybrid deployment approach is now fully operational with modern safety features while maintaining legacy compatibility.
2025-06-15 10:51:36 +02:00


# Admin User Configuration - sma
# Named after Diziet Sma, pragmatic Special Circumstances agent
# Role: System administration, security oversight, maintenance
{
  config,
  pkgs,
  ...
}: {
  imports = [
    ./media-group.nix
  ];

  users.users.sma = {
    description = "Diziet Sma - System Administrator";
    isNormalUser = true;
    uid = 1001; # Fixed UID for consistency across machines (NFS maps ownership by uid/gid)
    group = "sma"; # Primary group

    # Admin privileges
    extraGroups = [
      "wheel" # sudo access
      "networkmanager" # network management
      "libvirt" # virtualization management
      "incus-admin" # container management
      "podman" # container runtime
      "docker" # docker compatibility (if needed)
      "media" # shared media access for NFS shares
    ];

    # Security-focused shell setup
    shell = pkgs.zsh;

    # SSH key-based authentication only (no password login): no password is set
    # for this account, so NixOS leaves its shadow entry locked and password
    # login is impossible regardless of sshd's PasswordAuthentication setting.
    openssh.authorizedKeys.keys = [
      # Admin key for server administration
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgzKS1N7+7+N1/8U8++1pl4hapDm6TOy0QhrfrYA8mz geir@geokkjer.eu-admin"
    ];

    # Essential admin packages
    packages = with pkgs; [
      # System monitoring and diagnostics (htop, lsof, strace moved to base.nix)
      iotop
      nethogs
      # Network tools (nmap moved to base.nix)
      tcpdump
      wireshark-cli
      # File and disk utilities (tree, fd, ripgrep, fzf, ncdu moved to base.nix)
      # Text processing (jq, yq moved to base.nix)
      # Version control (git moved to base.nix)
      # Container management
      podman-compose
      # Backup and sync
      rsync
      rclone
      # Security tools
      age
      sops
      # NixOS specific tools
      nixos-rebuild
      nix-tree
      nix-diff
    ];
  };

  # Admin-specific shell configuration
  programs.zsh = {
    enable = true;
    autosuggestions.enable = true;
    syntaxHighlighting.enable = true;

    # Admin-specific aliases (common ones in shell-aliases.nix)
    shellAliases = {
      # Flake management from remote deployments (sma uses temp directory)
      "rebuild-remote" = "cd /tmp/home-lab-config && sudo nixos-rebuild switch --flake .";
      "rebuild-remote-test" = "cd /tmp/home-lab-config && sudo nixos-rebuild test --flake .";
      "rebuild-remote-boot" = "cd /tmp/home-lab-config && sudo nixos-rebuild boot --flake .";
    };

    interactiveShellInit = ''
      # Emacs-style keybindings
      bindkey -e

      # Disable annoying shell options
      unsetopt beep nomatch

      # Completion configuration
      zstyle ':completion:*' completer _expand _complete _ignored
      zstyle ':completion:*' matcher-list ""
      autoload -Uz compinit
      compinit

      # Initialize shell enhancements
      # (starship and direnv are not in the package list above; assumed to be
      # provided by base.nix, otherwise these evals fail on shell start)
      eval "$(starship init zsh)"
      eval "$(direnv hook zsh)"
    '';
  };

  # Sudo configuration for admin user
  security.sudo.extraRules = [
    {
      users = ["sma"];
      commands = [
        {
          command = "ALL";
          # Allow passwordless sudo for admin tasks. Because the account has no
          # password to type, this rule is also what makes sudo usable at all:
          # possession of the SSH key above is the entire root boundary.
          options = ["NOPASSWD"];
        }
      ];
    }
  ];

  # Admin user home directory permissions
  systemd.tmpfiles.rules = [
    # 0755 is world-readable and looser than the NixOS default homeMode of
    # 0700; a `d` rule adjusts the mode of an already existing directory.
    "d /home/sma 0755 sma sma -"
    "d /home/sma/.ssh 0700 sma sma -"
  ];

  # Create the sma group
  users.groups.sma = {
    gid = 992; # Fixed GID for consistency across machines
  };
}
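The properties this module relies on (fixed uid/gid, locked password, key-only access, NOPASSWD sudo, private `.ssh`) can be checked in a NixOS VM test. The following is an added example, not code from the home-lab repository; it assumes it is placed beside `sma.nix` and `media-group.nix` (for instance as `modules/users/sma-test.nix`), that `<nixpkgs>` resolves, and that sshd is enabled so NixOS renders the per-user key file.

```nix
# Added example, not part of the home-lab repository.
# Run with: nix-build sma-test.nix   (assumes the file sits next to sma.nix)
{ pkgs ? import <nixpkgs> { } }:
pkgs.testers.nixosTest {
  name = "sma-admin-user";
  nodes.machine = { ... }: {
    imports = [ ./sma.nix ];
    # sshd must be enabled for NixOS to write /etc/ssh/authorized_keys.d/sma
    services.openssh.enable = true;
  };
  testScript = ''
    machine.wait_for_unit("multi-user.target")

    # Fixed ids: NFS maps ownership by uid/gid, so they must match on every host
    assert machine.succeed("id -u sma").strip() == "1001"
    assert machine.succeed("id -g sma").strip() == "992"
    machine.succeed("id -nG sma | grep -qw wheel")

    # No password is configured, so the shadow entry must be locked ('!' or '*');
    # password logins to this account are then impossible whatever sshd allows
    pw = machine.succeed("getent shadow sma | cut -d: -f2").strip()
    assert pw and pw[0] in "!*", f"sma has a usable password hash: {pw!r}"

    # Key-only access: the ed25519 key from sma.nix is rendered for sshd
    machine.succeed("grep -q '^ssh-ed25519 ' /etc/ssh/authorized_keys.d/sma")

    # With a locked password the NOPASSWD rule is what makes sudo usable;
    # `sudo -n` fails instead of prompting if a password were still required
    machine.succeed("su -s /bin/sh sma -c 'sudo -n true'")

    # tmpfiles rules: home owned by sma, .ssh private to sma. The home mode is
    # not asserted because homeMode (default 0700) and the tmpfiles rule (0755)
    # both touch /home/sma and the last one to run wins.
    assert machine.succeed("stat -c %U:%G /home/sma").strip() == "sma:sma"
    assert machine.succeed("stat -c %a:%U:%G /home/sma/.ssh").strip() == "700:sma:sma"
  '';
}
```

The test builds a VM with all packages from `sma.nix`, so the first run is slow; the warnings about groups such as `libvirt` or `incus-admin` not existing in the bare VM are expected.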