home-lab/modules/users
Geir Okkenhaug Jerstad d5bf6cfbf3
added node npm npx from nix
2025-06-05 11:06:38 +02:00
common.nix feat: System update and direnv fixes 2025-06-05 09:32:58 +02:00
geir.nix added node npm npx from nix 2025-06-05 11:06:38 +02:00
README.md feat: create modular user configurations 2025-06-04 16:56:22 +02:00
sma.nix feat: create modular user configurations 2025-06-04 16:56:22 +02:00

User Configurations

This directory contains modular user configurations for the home lab infrastructure.

Philosophy

Following the Culture ship naming convention and Emacs org-mode literate programming approach, user configurations are organized to be:

  • Modular: Each user has their own configuration module
  • Shared: Common settings are in common.nix
  • Character-driven: User names follow Culture character names
  • Functional: Focus on practical daily use and system administration

User Accounts

Primary Users

geir - Primary User Account

  • Role: Development, desktop use, daily computing
  • Access: Full desktop environments (GNOME, Cosmic, Sway)
  • Focus: Development tools, creative applications, multimedia
  • Groups: wheel, networkmanager, libvirt, incus-admin, podman, audio, video, render

sma - System Administrator

  • Full Name: Named after Diziet Sma (Special Circumstances agent)
  • Role: System administration, security oversight, maintenance
  • Access: SSH-only, command-line focused
  • Focus: Monitoring, containers, security, infrastructure management
  • Groups: wheel, networkmanager, libvirt, incus-admin, podman
  • Security: SSH key authentication only, passwordless sudo

Service Accounts (Future)

  • Consider adding service-specific users for:
    • forgejo-admin: Forgejo administration
    • media-admin: Jellyfin/media server management
    • backup-agent: Automated backup operations

File Structure

modules/users/
├── common.nix       # Shared user settings and packages
├── geir.nix         # Primary user configuration
├── sma.nix          # Admin user configuration
└── README.md        # This documentation

Design Principles

Security

  • SSH key-based authentication for admin users
  • Principle of least privilege
  • Separate admin and daily-use accounts
  • No root login allowed

Convenience

  • Modern CLI tools and aliases
  • Development-focused package selection
  • Shell enhancements (zsh, starship, syntax highlighting)
  • Container and virtualization integration

Consistency

  • Common aliases and environment variables
  • Shared shell configuration
  • Standardized directory permissions
  • Culture-inspired naming convention

Integration Points

With System Configuration

  • Desktop environment modules automatically enable GUI applications
  • Virtualization modules grant appropriate group memberships
  • Network modules configure user network access

With User Configs

  • Literate configurations stored in /home/geir/Home-lab/user_configs/
  • Emacs org-mode files for complex configurations
  • Automatic tangling of configuration files
  • Version control integration

With Services

  • User accounts automatically configured for enabled services
  • Container runtime access for development users
  • Monitoring and administration access for admin users

Usage Examples

Adding a New User

  1. Create new module file: modules/users/new-username.nix
  2. Choose appropriate Culture character name
  3. Define role-specific packages and groups
  4. Import in machine configuration
  5. Document in this README
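
The five steps above as a single module, added here as an example and not taken from the repository. The user zakalwe, the file path, the placeholder SSH key, the package selection and the Forgejo restart rule are all assumptions.

```nix
# modules/users/zakalwe.nix (step 1; hypothetical file, not in the repository)
# Step 4, in the machine configuration (import path is an assumption):
#   imports = [ ../../modules/users/zakalwe.nix ];
{ pkgs, ... }:

{
  users.users.zakalwe = {
    # Step 2: Culture character name, taken from the reference list.
    description = "Cheradenine Zakalwe";
    isNormalUser = true;

    # Step 3: role-specific groups. Start from the minimum; wheel, libvirt,
    # incus-admin and podman are privileged groups, so add them only when
    # the role needs them.
    extraGroups = [ "networkmanager" ];

    # No password option is set, so the account is created without a usable
    # password and is reached with this SSH key only.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAA_PLACEHOLDER_PUBLIC_KEY zakalwe@example"
    ];

    # Step 3: role-specific packages (constructed selection).
    packages = with pkgs; [ htop jq ];
  };

  # A sudo rule scoped to one command instead of wheel membership.
  # The Forgejo restart is an assumed task for this role.
  security.sudo.extraRules = [
    {
      users = [ "zakalwe" ];
      commands = [
        {
          command = "/run/current-system/sw/bin/systemctl restart forgejo.service";
          options = [ "NOPASSWD" ];
        }
      ];
    }
  ];

  # The README's "SSH key-based authentication" and "No root login allowed"
  # as sshd settings; these may already live in a shared module.
  services.openssh.settings = {
    PermitRootLogin = "no";
    PasswordAuthentication = false;
  };
}
```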

Modifying User Access

  • Edit extraGroups for service access
  • Update packages for new tools
  • Modify shell aliases for workflow improvements
  • Adjust sudo rules for administrative access

Security Considerations

  • Regular audit of user accounts and permissions
  • SSH key rotation schedule
  • Monitor sudo usage and administrative actions
  • Review group memberships quarterly

Culture Character Reference

  • Diziet Sma: Pragmatic SC agent, perfect for system administration
  • Cheradenine Zakalwe: Complex SC agent, high-capability operations
  • Jernau Morat Gurgeh: Strategic game player, systematic thinking
  • Perosteck Balveda: Professional SC agent, reliable operations

Choose character names that reflect the user's role and personality within the home lab infrastructure.