9f7c2640b5
✅ Completed Tasks: - Task 6: Successfully tested deploy-rs on all machines (grey-area, reverse-proxy, congenital-optimist) - Task 7: Added deploy-rs status monitoring to lab tool 🔧 Infrastructure Improvements: - Added sma user to local machine for consistent SSH access - Created shared shell-aliases.nix module to eliminate conflicts - Enhanced lab status command with deploy-rs deployment info - Added generation tracking, build dates, and uptime monitoring 🚀 Deploy-rs Status: - All 4 machines successfully tested with both dry-run and actual deployments - Automatic rollback protection working correctly - Health checks and magic rollback functioning properly - Tailscale connectivity verified across all nodes 📊 New Status Features: - lab status --deploy-rs: Shows deployment details - lab status -v: Verbose SSH connection info - lab status -vd: Combined verbose + deploy-rs info - Real-time generation and system closure information The hybrid deployment approach is now fully operational with modern safety features while maintaining legacy compatibility.
89 lines
1.8 KiB
Nix
89 lines
1.8 KiB
Nix
# Common User Configuration
|
|
# Shared settings for all users in the home lab
|
|
{
|
|
config,
|
|
pkgs,
|
|
...
|
|
}: {
|
|
imports = [
|
|
./shell-aliases.nix
|
|
];
|
|
# Common user settings
|
|
users = {
|
|
# Use mutable users for flexibility
|
|
mutableUsers = true;
|
|
|
|
# Default shell for all users
|
|
defaultUserShell = pkgs.zsh;
|
|
};
|
|
|
|
# Enable zsh system-wide
|
|
programs.zsh = {
|
|
enable = true;
|
|
autosuggestions.enable = true;
|
|
syntaxHighlighting.enable = true;
|
|
|
|
# direnv integration
|
|
interactiveShellInit = ''
|
|
eval "$(starship init zsh)"
|
|
eval "$(direnv hook zsh)"
|
|
'';
|
|
|
|
# Common environment variables
|
|
sessionVariables = {
|
|
EDITOR = "emacs";
|
|
BROWSER = "firefox";
|
|
TERMINAL = "kitty";
|
|
};
|
|
};
|
|
|
|
# Common packages for all users
|
|
environment.systemPackages = with pkgs; [
|
|
# Essential CLI tools moved to base.nix
|
|
# Adding user-specific tools here
|
|
|
|
# Communication
|
|
firefox
|
|
|
|
# Development (basic tools moved to base.nix)
|
|
# Additional utilities not in base.nix
|
|
];
|
|
|
|
# Common security settings
|
|
security = {
|
|
# Require password for sudo (can be overridden per user)
|
|
sudo.wheelNeedsPassword = true;
|
|
|
|
# Polkit for desktop users
|
|
polkit.enable = true;
|
|
};
|
|
|
|
# Common services
|
|
services = {
|
|
# Enable SSH for remote management
|
|
openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PasswordAuthentication = false; # Key-based auth only
|
|
PermitRootLogin = "no"; # No root login
|
|
X11Forwarding = true; # For GUI applications over SSH
|
|
};
|
|
};
|
|
|
|
# Enable sound
|
|
pipewire = {
|
|
enable = true;
|
|
alsa.enable = true;
|
|
pulse.enable = true;
|
|
};
|
|
};
|
|
|
|
# XDG portal for desktop integration
|
|
xdg.portal = {
|
|
enable = true;
|
|
extraPortals = with pkgs; [
|
|
xdg-desktop-portal-gtk
|
|
xdg-desktop-portal-gnome
|
|
];
|
|
};
|
|
}
|