fix: Ensure all users are read from and that the config is shared between module levels

2026-01-13 20:56:30 -05:00
parent ffa434e720
commit 1c767ed4c8
11 changed files with 52 additions and 47 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -62,7 +62,7 @@
  };

  outputs =
-    inputs@{ flake-parts, ... }:
+    inputs@{ self, flake-parts, ... }:
    flake-parts.lib.mkFlake { inherit inputs; } {
      # Support all common systems
      systems = [
@@ -84,4 +84,5 @@
        ./users.nix
      ];
    };
+
 }
--- a/fleet/default.nix
+++ b/fleet/default.nix
@@ -2,6 +2,8 @@
  inputs,
  lib,
  config,
+  self ? null,
+  users ? {},
  ...
 }:

@@ -139,13 +141,19 @@ let
          typeModule
          overrideModule
          { networking.hostName = hostName; }
+          {
+            # Inject user definitions from flake-parts level
+            config.athenix.users = lib.mapAttrs (_: user: lib.mapAttrs (_: lib.mkDefault) user) users;
+          }
        ]
        ++ lib.optional (externalModulePath != null) externalPathModule;
    in
    {
      system = lib.nixosSystem {
        inherit system;
-        specialArgs = { inherit inputs; };
+        specialArgs = {
+          inputs = if self != null then inputs // { inherit self; } else inputs;
+        };
        modules = allModules;
      };
      modules = allModules;
--- a/fleet/fleet-option.nix
+++ b/fleet/fleet-option.nix
@@ -172,7 +172,6 @@ in
    };
    users = lib.mkOption {
      type = lib.types.attrsOf userSubmodule;
-      default = { };
      description = "User accounts configuration. Set enable=true for users that should exist on this system.";
    };
  };
--- a/fleet/user-config.nix
+++ b/fleet/user-config.nix
@@ -33,41 +33,34 @@ let
 in
 {
  config = {
+
    # Generate NixOS users
    users.users =
      let
        enabledAccounts = lib.filterAttrs (_: user: user.enable) config.athenix.users;
      in
      lib.mapAttrs (
-        name: user:
-        let
-          isPlasma6 = config.services.desktopManager.plasma6.enable;
-          defaultPackages = lib.optionals (isPlasma6 && name != "root") [ pkgs.kdePackages.kate ];
-          finalPackages = lib.subtractLists user.excludePackages (defaultPackages ++ user.extraPackages);
-          shells = {
-            bash = pkgs.bash;
-            zsh = pkgs.zsh;
-            fish = pkgs.fish;
-            tcsh = pkgs.tcsh;
-          };
-        in
-        rec {
-          inherit (user) isNormalUser extraGroups hashedPassword;
-          description = if user.description != null then user.description else lib.mkDefault "";
-          openssh.authorizedKeys.keys = user.opensshKeys;
-          shell = if user.shell != null then shells.${user.shell} else pkgs.bash;
-          packages = finalPackages ++ [ shell ];
-          group = if user.isNormalUser then name else lib.mkDefault "root";
-        }
-      ) enabledAccounts;
-
-    # Generate user groups for normal users
-    users.groups =
-      let
-        enabledAccounts = lib.filterAttrs (_: user: user.enable) config.athenix.users;
-        normalUsers = lib.filterAttrs (_: user: user.isNormalUser) enabledAccounts;
-      in
-      lib.mapAttrs (_: _: { }) normalUsers;
+          name: user:
+          let
+            isPlasma6 = config.services.desktopManager.plasma6.enable;
+            defaultPackages = lib.optionals (isPlasma6 && name != "root") [ pkgs.kdePackages.kate ];
+            finalPackages = lib.subtractLists user.excludePackages (defaultPackages ++ user.extraPackages);
+            shells = {
+              bash = pkgs.bash;
+              zsh = pkgs.zsh;
+              fish = pkgs.fish;
+              tcsh = pkgs.tcsh;
+            };
+          in
+          rec {
+            isNormalUser = user.isNormalUser;
+            inherit (user) extraGroups hashedPassword;
+            description = if user.description != null then user.description else lib.mkDefault "";
+            openssh.authorizedKeys.keys = user.opensshKeys;
+            shell = if user.shell != null then shells.${user.shell} else pkgs.bash;
+            packages = finalPackages ++ [ shell ];
+          }
+        ) enabledAccounts;

    # Home Manager configs per user
    home-manager = {
@@ -133,7 +126,7 @@ in

              # Always set these required options
              home.username = name;
-              home.homeDirectory = if name == "root" then "/root" else "/home/${name}";
+              home.homeDirectory = lib.mkOverride 999 (if name == "root" then "/root" else "/home/${name}");
              home.stateVersion = "25.11";
              programs.${user.editor} = {
                enable = true;
--- a/installer/artifacts.nix
+++ b/installer/artifacts.nix
@@ -3,6 +3,7 @@
  fleet,
  self,
  system,
+  users ? {},
 }:
 # This file defines the logic for generating various build artifacts (ISOs, Netboot, LXC, etc.)
 # It exports a set of packages that can be built using `nix build .#<artifact-name>`
@@ -29,6 +30,7 @@ let
          hostName
          targetSystemBuild
          diskoScript
+          users
          ;
        hostPlatform = system;
      };
@@ -46,6 +48,9 @@ let
      inherit system;
      specialArgs = { inherit inputs; };
      modules = fleet.modules.${hostName} ++ [
+        {
+          config.athenix.users = lib.mapAttrs (_: user: lib.mapAttrs (_: lib.mkDefault) user) users;
+        }
        {
          disko.enableConfig = lib.mkForce false;
          services.upower.enable = lib.mkForce false;
@@ -63,6 +68,9 @@ let
      specialArgs = { inherit inputs; };
      modules = fleet.modules.${hostName} ++ [
        "${nixpkgs}/nixos/modules/installer/netboot/netboot.nix"
+        {
+          config.athenix.users = lib.mapAttrs (_: user: lib.mapAttrs (_: lib.mkDefault) user) users;
+        }
        {
          disko.enableConfig = lib.mkForce false;
          services.upower.enable = lib.mkForce false;
--- a/inventory.nix
+++ b/inventory.nix
@@ -132,7 +132,6 @@
          rev = "dab32f5884895cead0fae28cb7d88d17951d0c12";
          submodules = true;
        };
-        "usda-dash".athenix.users.engr-ugaif.enable = true;
      };
      overrides = {
        athenix.host.useHostPrefix = false;
--- a/lib/mkFleet.nix
+++ b/lib/mkFleet.nix
@@ -4,7 +4,9 @@
  inputs,
  lib,
  config,
+  self ? null,
+  users ? {},
 }:
 import ../fleet/default.nix {
-  inherit inputs lib config;
+  inherit inputs lib config self users;
 }
--- a/parts/nixos-configurations.nix
+++ b/parts/nixos-configurations.nix
@@ -3,7 +3,6 @@
  inputs,
  self,
  lib,
-  pkgs,
  config,
  ...
 }:
@@ -14,7 +13,8 @@

  flake.nixosConfigurations =
    let
-      fleet = self.lib.mkFleet { inherit inputs lib config; };
+      users = config.athenix.users;
+      fleet = self.lib.mkFleet { inherit inputs lib config self users; };
    in
    fleet.nixosConfigurations;
 }
--- a/parts/packages.nix
+++ b/parts/packages.nix
@@ -12,13 +12,15 @@
    lib.mkIf (system == "x86_64-linux") {
      packages =
        let
-          fleet = self.lib.mkFleet { inherit inputs lib config; };
+          users = config.athenix.users;
+          fleet = self.lib.mkFleet { inherit inputs lib config self users; };
          artifacts = import ../installer/artifacts.nix {
            inherit
              inputs
              fleet
              self
              system
+              users
              ;
          };
        in
--- a/parts/users.nix
+++ b/parts/users.nix
@@ -1,7 +0,0 @@
-# Flake-parts wrapper for users.nix
-{ inputs, ... }:
-let
-  # Minimal pkgs just for shell paths - will be overridden in actual NixOS configs
-  pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
-in
-import ../users.nix { inherit pkgs; }
--- a/users.nix
+++ b/users.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ lib, inputs, config, ... }:
 {
  # ============================================================================
  # User Definitions
@@ -26,7 +26,7 @@
  #
  # User options can be set in users.nix OR in the external module's user.nix.
  # External module options take precedence over users.nix defaults.
-  athenix.users = {
+  config.athenix.users = {
    root = {
      isNormalUser = false;
      hashedPassword = "!";