From 85c8b5e7620816e8b51dabd42068a28343f6e128 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Thu, 28 Apr 2022 00:35:15 -0400 Subject: [PATCH 1/3] devos: demonstrate decoupled hm user and system user --- examples/devos/flake.nix | 21 +++------------------ examples/devos/users/admin/default.nix | 11 +++++++++++ examples/devos/users/darwin/default.nix | 8 -------- 3 files changed, 14 insertions(+), 26 deletions(-) create mode 100644 examples/devos/users/admin/default.nix delete mode 100644 examples/devos/users/darwin/default.nix diff --git a/examples/devos/flake.nix b/examples/devos/flake.nix index 02db321b3..f64b07a07 100644 --- a/examples/devos/flake.nix +++ b/examples/devos/flake.nix @@ -147,7 +147,7 @@ users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [ core.darwin users.darwin ]; + base = [ core.darwin users.admin ]; }; }; }; @@ -162,24 +162,9 @@ }; }; users = { - # TODO: does this naming convention still make sense with darwin support? - # - # - it doesn't make sense to make a 'nixos' user available on - # darwin, and vice versa - # - # - the 'nixos' user might have special significance as the default - # user for fresh systems - # - # - perhaps a system-agnostic home-manager user is more appropriate? - # something like 'primaryuser'? - # - # all that said, these only exist within the `hmUsers` attrset, so - # it could just be left to the developer to determine what's - # appropriate. after all, configuring these hm users is one of the - # first steps in customizing the template. nixos = { suites, ... }: { imports = suites.base; }; - darwin = { suites, ... }: { imports = suites.base; }; - }; # digga.lib.importers.rakeLeaves ./users/hm; + primary = { suites, ... }: { imports = suites.base; }; + }; }; devshell = ./shell; diff --git a/examples/devos/users/admin/default.nix b/examples/devos/users/admin/default.nix new file mode 100644 index 000000000..7243f67b6 --- /dev/null +++ b/examples/devos/users/admin/default.nix 
@@ -0,0 +1,11 @@ +{ hmUsers, ... }: +{ + # The user profile names defined in `self.home.users` don't need to correspond + # directly to system usernames. They can, instead, be imported as a module in + # any `home-manager.users` configuration, allowing for more flexibility. + home-manager.users.admin = {...}: { imports = [hmUsers.primary]; }; + + users.users.admin = { + description = "default"; + }; +} diff --git a/examples/devos/users/darwin/default.nix b/examples/devos/users/darwin/default.nix deleted file mode 100644 index a268b8a87..000000000 --- a/examples/devos/users/darwin/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ hmUsers, ... }: -{ - home-manager.users = { inherit (hmUsers) darwin; }; - - users.users.darwin = { - description = "default"; - }; -} From fb4107a8dc48ac82412c52b3e4bab1b911efcfd2 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Thu, 28 Apr 2022 00:37:35 -0400 Subject: [PATCH 2/3] devos: make home configurations for all hosts --- examples/devos/flake.nix | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/examples/devos/flake.nix b/examples/devos/flake.nix index f64b07a07..a8df5b335 100644 --- a/examples/devos/flake.nix +++ b/examples/devos/flake.nix @@ -169,12 +169,11 @@ devshell = ./shell; - # TODO: similar to the above note: does it make sense to make all of - # these users available on all systems? - homeConfigurations = digga.lib.mergeAny - (digga.lib.mkHomeConfigurations self.darwinConfigurations) - (digga.lib.mkHomeConfigurations self.nixosConfigurations) - ; + homeConfigurations = + digga.lib.mkHomeConfigurations + (digga.lib.collectHosts + self.nixosConfigurations + self.darwinConfigurations); deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; From cf0d8206e70b01c22cf08a524927673ab1ce75e4 Mon Sep 17 00:00:00 2001 
From: Chris Montgomery Date: Tue, 12 Jul 2022 19:40:25 -0400 Subject: [PATCH 3/3] examples: standardise on `primary` user except in installation media --- doc/concepts/suites.md | 24 +++++++++++++------ examples/devos/flake.nix | 12 +++++++--- examples/devos/hosts/nixos/bootstrap.nix | 12 ++++++---- examples/devos/users/admin/default.nix | 11 --------- examples/devos/users/nixos.nix | 23 ++++++++++++++++++ examples/devos/users/nixos/default.nix | 11 --------- examples/devos/users/primary/default.nix | 20 ++++++++++++++++ .../users/{root/default.nix => root.nix} | 0 src/modules.nix | 7 +++++- 9 files changed, 82 insertions(+), 38 deletions(-) delete mode 100644 examples/devos/users/admin/default.nix create mode 100644 examples/devos/users/nixos.nix delete mode 100644 examples/devos/users/nixos/default.nix create mode 100644 examples/devos/users/primary/default.nix rename examples/devos/users/{root/default.nix => root.nix} (100%) diff --git a/doc/concepts/suites.md b/doc/concepts/suites.md index e9eef34ce..c40b08abe 100644 --- a/doc/concepts/suites.md +++ b/doc/concepts/suites.md 
@@ -2,24 +2,34 @@ Suites provide a mechanism for users to easily combine and name collections of profiles. -`suites` are defined in the `importables` argument in either the `home` or `nixos` -namespace. They are a special case of an `importable` which is passed as a special -argument (one that can be use in an `imports` line) to your hosts. All lists defined -in `suites` are flattened and type-checked as paths. +`suites` are defined in the `importables` argument in any of the `nixos`, +`darwin`, or `home` namespaces. They are a special case of an `importable` which +is passed as a special argument (one that can be use in an `imports` line) to +your hosts. All lists defined in `suites` are flattened and type-checked as +paths. ## Definition + ```nix rec { - workstation = [ profiles.develop profiles.graphical users.nixos ]; - mobileWS = workstation ++ [ profiles.laptop ]; + workstation = [ + profiles.develop + profiles.graphical + users.primary + ]; + portableWorkstation = + workstation + ++ [ profiles.laptop ]; } ``` ## Usage + `hosts/my-laptop.nix`: + ```nix { suites, ... }: { - imports = suites.mobileWS; + imports = suites.portableWorkstation; } ``` diff --git a/examples/devos/flake.nix b/examples/devos/flake.nix index a8df5b335..2511f84d2 100644 --- a/examples/devos/flake.nix +++ b/examples/devos/flake.nix @@ -119,7 +119,11 @@ users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [ core.nixos users.nixos users.root ]; + base = [ + core.nixos + users.root + users.primary + ]; }; }; }; @@ -147,7 +151,10 @@ users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [ core.darwin users.admin ]; + base = [ + core.darwin + users.primary + ]; }; }; }; @@ -162,7 +169,6 @@ }; }; users = { - nixos = { suites, ... }: { imports = suites.base; }; primary = { suites, ... }: { imports = suites.base; }; }; }; 
diff --git a/examples/devos/hosts/nixos/bootstrap.nix b/examples/devos/hosts/nixos/bootstrap.nix index 1f8933743..ca50b9d77 100644 --- a/examples/devos/hosts/nixos/bootstrap.nix +++ b/examples/devos/hosts/nixos/bootstrap.nix @@ -1,10 +1,12 @@ { profiles, ... }: { - imports = [ - # profiles.networking - profiles.core.nixos - profiles.users.root # make sure to configure ssh keys - profiles.users.nixos + imports = with profiles; [ + core.nixos + # N.B. Make sure to add your public SSH keys to authorized keys! + users.root + # Note that this is different than the usual `primary` user for the sake of + # a familiar installation UX. + users.nixos ]; boot.loader.systemd-boot.enable = true; diff --git a/examples/devos/users/admin/default.nix b/examples/devos/users/admin/default.nix deleted file mode 100644 index 7243f67b6..000000000 --- a/examples/devos/users/admin/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ hmUsers, ... }: -{ - # The user profile names defined in `self.home.users` don't need to correspond - # directly to system usernames. They can, instead, be imported as a module in - # any `home-manager.users` configuration, allowing for more flexibility. - home-manager.users.admin = {...}: { imports = [hmUsers.primary]; }; - - users.users.admin = { - description = "default"; - }; -} diff --git a/examples/devos/users/nixos.nix b/examples/devos/users/nixos.nix new file mode 100644 index 000000000..593de0e53 --- /dev/null +++ b/examples/devos/users/nixos.nix 
@@ -0,0 +1,23 @@
+{ hmUsers, ... }:
+{
+ # In this profile, the `nixos` system-level user loads the home-manager
+ # profile for the `primary` user defined in the flake's
+ # `self.home.users.primary` option.
+ #
+ # The user profile names defined in `self.home.users.` don't need to
+ # correspond directly to system-level usernames. They can, instead, be
+ # imported as a module in any `home-manager.users` configuration, allowing for
+ # more flexibility.
+ #
+ # Compare with the `primary` system user (in this directory), which uses a
+ # simplified (but limited) approach.
+ home-manager.users.nixos = {...}: { imports = [hmUsers.primary]; };
+
+ users.users.nixos = {
+ # This is the standard password for installation media.
+ password = "nixos";
+ description = "default";
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+}
diff --git a/examples/devos/users/nixos/default.nix b/examples/devos/users/nixos/default.nix
deleted file mode 100644
index 077a52e4c..000000000
--- a/examples/devos/users/nixos/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ hmUsers, ... }:
-{
- home-manager.users = { inherit (hmUsers) nixos; };
-
- users.users.nixos = {
- password = "nixos";
- description = "default";
- isNormalUser = true;
- extraGroups = [ "wheel" ];
- };
-}
diff --git a/examples/devos/users/primary/default.nix b/examples/devos/users/primary/default.nix
new file mode 100644
index 000000000..b99bdd101
--- /dev/null
+++ b/examples/devos/users/primary/default.nix
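Review bot: Nothing but a one-line comment keeps the well-known `password = "nixos";` in `examples/devos/users/nixos.nix` on installation media. The profile sits under `./users`, which `flake.nix` rakes into `profiles.users`, so any host can import `users.nixos` and get a `wheel` account with that password. The `password` option is also written in clear text to the world-readable Nix store, and under the `users.mutableUsers = lib.mkDefault false` default visible in `src/modules.nix` it is presumably re-applied on every activation. I would extend the comment to say so, e.g. `# Installation media only: well-known password, stored in clear text in the Nix store. Do not import this profile on an installed host.`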
@@ -0,0 +1,20 @@ +{ hmUsers, ... }: +{ + users.users.primary = { + description = "primary administrative user on this machine"; + isNormalUser = true; + extraGroups = [ "wheel" ]; + + # Make sure to change this! + initialPassword = "nixos"; + }; + + # The following home-manager user definition doesn't include any further + # customization beyond the default `hmUsers.primary` profile, so its + # implementation can be simplified. + # + # Note, however, that the pattern demonstrated in the `nixos` user profile is + # more flexible in the long run, especially if you want to share the same + # home-manager profile amongst multiple users with different usernames. + home-manager.users = { inherit (hmUsers) primary; }; +} diff --git a/examples/devos/users/root/default.nix b/examples/devos/users/root.nix similarity index 100% rename from examples/devos/users/root/default.nix rename to examples/devos/users/root.nix diff --git a/src/modules.nix b/src/modules.nix index 28c17b095..e822b5458 100644 --- a/src/modules.nix +++ b/src/modules.nix @@ -17,7 +17,8 @@ globalDefaults = { hmUsers }: { config, pkgs, self, ... }: { - # digga lib can be accessed in modules directly as config.lib.digga + # Digga's library functions can be accessed directly through the module + # system as `config.lib.digga`. lib = { inherit (pkgs.lib) digga; }; @@ -32,6 +33,10 @@ }; nixosDefaults = { self, ... }: { + # N.B. If users are not explicitly defined in configuration, they will be + # removed from the resulting system. This could result in data loss if + # you're not starting from a fresh install -- even if you are currently + # logged in! users.mutableUsers = lib.mkDefault false; hardware.enableRedistributableFirmware = lib.mkDefault true; system.configurationRevision = lib.mkIf (self ? rev) self.rev;
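Review bot: In `examples/devos/users/primary/default.nix`, `# Make sure to change this!` on `initialPassword = "nixos";` cannot be followed with `passwd`, because `nixosDefaults` in `src/modules.nix` defaults `users.mutableUsers` to false. With immutable users the NixOS module documents `initialPassword` as equivalent to `password`, so a runtime change should not survive the next activation, and the known value stays on a `wheel` user for any host importing `suites.base`. The value also lands in clear text in the world-readable Nix store. I would make the comment say what to do instead, e.g. `# Placeholder only: replace with hashedPassword in this file before deploying; with users.mutableUsers = false a passwd change does not persist.`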