geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
home-lab/modules/users
History
Geir Okkenhaug Jerstad 9c9dcdc196 Add comprehensive PipeWire audio configuration with noise suppression 
- Add modules/sound/pipewire.nix with full PipeWire stack
- Include RNNoise AI-powered noise suppression
- Add EasyEffects with pre-configured presets for mic and speakers
- Include multiple GUI applications (pavucontrol, helvum, qpwgraph, pwvucontrol)
- Add helper scripts: audio-setup, microphone-test, validate-audio
- Optimize for low-latency real-time audio processing
- Enable auto-start and desktop integration
- Remove duplicate PipeWire configs from hardware-co.nix and users/common.nix
- Import sound module through desktop/common.nix for all desktop machines
2025-06-18 20:57:39 +02:00
..
common.nix Add comprehensive PipeWire audio configuration with noise suppression 2025-06-18 20:57:39 +02:00
geir.nix feat: Complete deploy-rs integration with status monitoring 2025-06-15 10:51:36 +02:00
media-group.nix Fix NFS configuration: Remove ZFS mount point conflict with tmpfiles 2025-06-11 10:12:51 +02:00
README.md feat: create modular user configurations 2025-06-04 16:56:22 +02:00
shell-aliases.nix updates for deployment tool 2025-06-15 11:01:41 +02:00
sma.nix feat: Complete deploy-rs integration with status monitoring 2025-06-15 10:51:36 +02:00

README.md

User Configurations

This directory contains modular user configurations for the home lab infrastructure.

Philosophy

Following the Culture ship naming convention and Emacs org-mode literate programming approach, user configurations are organized to be:

  • Modular: Each user has their own configuration module
  • Shared: Common settings are in common.nix
  • Character-driven: User names follow Culture character names
  • Functional: Focus on practical daily use and system administration

User Accounts

Primary Users

geir - Primary User Account

  • Role: Development, desktop use, daily computing
  • Access: Full desktop environments (GNOME, Cosmic, Sway)
  • Focus: Development tools, creative applications, multimedia
  • Groups: wheel, networkmanager, libvirt, incus-admin, podman, audio, video, render

sma - System Administrator

  • Full Name: Named after Diziet Sma (Special Circumstances agent)
  • Role: System administration, security oversight, maintenance
  • Access: SSH-only, command-line focused
  • Focus: Monitoring, containers, security, infrastructure management
  • Groups: wheel, networkmanager, libvirt, incus-admin, podman
  • Security: SSH key authentication only, passwordless sudo

Service Accounts (Future)

  • Consider adding service-specific users for:
    • forgejo-admin: Forgejo administration
    • media-admin: Jellyfin/media server management
    • backup-agent: Automated backup operations

File Structure

modules/users/
├── common.nix       # Shared user settings and packages
├── geir.nix         # Primary user configuration
├── sma.nix          # Admin user configuration
└── README.md        # This documentation

Design Principles

Security

  • SSH key-based authentication for admin users
  • Principle of least privilege
  • Separate admin and daily-use accounts
  • No root login allowed

Convenience

  • Modern CLI tools and aliases
  • Development-focused package selection
  • Shell enhancements (zsh, starship, syntax highlighting)
  • Container and virtualization integration

Consistency

  • Common aliases and environment variables
  • Shared shell configuration
  • Standardized directory permissions
  • Culture-inspired naming convention

Integration Points

With System Configuration

  • Desktop environment modules automatically enable GUI applications
  • Virtualization modules grant appropriate group memberships
  • Network modules configure user network access

With User Configs

  • Literate configurations stored in /home/geir/Home-lab/user_configs/
  • Emacs org-mode files for complex configurations
  • Automatic tangling of configuration files
  • Version control integration

With Services

  • User accounts automatically configured for enabled services
  • Container runtime access for development users
  • Monitoring and administration access for admin users

Usage Examples

Adding a New User

  1. Create new module file: modules/users/new-username.nix
  2. Choose appropriate Culture character name
  3. Define role-specific packages and groups
  4. Import in machine configuration
  5. Document in this README

Modifying User Access

  • Edit extraGroups for service access
  • Update packages for new tools
  • Modify shell aliases for workflow improvements
  • Adjust sudo rules for administrative access

Security Considerations

  • Regular audit of user accounts and permissions
  • SSH key rotation schedule
  • Monitor sudo usage and administrative actions
  • Review group memberships quarterly

Culture Character Reference

  • Diziet Sma: Pragmatic SC agent, perfect for system administration
  • Cheradenine Zakalwe: Complex SC agent, high-capability operations
  • Jernau Morat Gurgeh: Strategic game player, systematic thinking
  • Perosteck Balveda: Professional SC agent, reliable operations

Choose character names that reflect the user's role and personality within the home lab infrastructure.