From 1c767ed4c821f474bdf96ac8c1604daf52a82372 Mon Sep 17 00:00:00 2001 From: UGA Innovation Factory Date: Tue, 13 Jan 2026 20:56:30 -0500 Subject: [PATCH] fix: Ensure all users are read from and that the config is shared between module levels --- flake.nix | 3 +- fleet/default.nix | 10 ++++++- fleet/fleet-option.nix | 1 - fleet/user-config.nix | 53 +++++++++++++++------------------- installer/artifacts.nix | 8 +++++ inventory.nix | 1 - lib/mkFleet.nix | 4 ++- parts/nixos-configurations.nix | 4 +-- parts/packages.nix | 4 ++- parts/users.nix | 7 ----- users.nix | 4 +-- 11 files changed, 52 insertions(+), 47 deletions(-) delete mode 100644 parts/users.nix diff --git a/flake.nix b/flake.nix index a38576f..5e509ff 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,7 @@ }; outputs = - inputs@{ flake-parts, ... }: + inputs@{ self, flake-parts, ... }: flake-parts.lib.mkFlake { inherit inputs; } { # Support all common systems systems = [ @@ -84,4 +84,5 @@ ./users.nix ]; }; + } diff --git a/fleet/default.nix b/fleet/default.nix index 3aaff20..4d7c708 100644 --- a/fleet/default.nix +++ b/fleet/default.nix @@ -2,6 +2,8 @@ inputs, lib, config, + self ? null, + users ? {}, ... }: @@ -139,13 +141,19 @@ let typeModule overrideModule { networking.hostName = hostName; } + { + # Inject user definitions from flake-parts level + config.athenix.users = lib.mapAttrs (_: user: lib.mapAttrs (_: lib.mkDefault) user) users; + } ] ++ lib.optional (externalModulePath != null) externalPathModule; in { system = lib.nixosSystem { inherit system; - specialArgs = { inherit inputs; }; + specialArgs = { + inputs = if self != null then inputs // { inherit self; } else inputs; + }; modules = allModules; }; modules = allModules; diff --git a/fleet/fleet-option.nix b/fleet/fleet-option.nix index f6f91cd..8cbb993 100644 --- a/fleet/fleet-option.nix +++ b/fleet/fleet-option.nix 
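Review bot: In the module added to `allModules` (fleet/default.nix, hunk at -139), `lib.mapAttrs (_: lib.mkDefault) user` demotes every field of every user, including `opensshKeys`, `extraGroups` and `hashedPassword`. A host or external module that sets one of these at normal priority therefore replaces the fleet-level value outright instead of extending it. For the list fields this means a host-level `opensshKeys` silently drops the centrally defined keys. If that precedence is intended, say so beside the injection, e.g. `# every field is mkDefault: a host-level value replaces the fleet value, lists included`; if keys should accumulate, leave the list fields unwrapped. The enclosing `let` block starts and ends outside the hunk.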
@@ -172,7 +172,6 @@ in }; users = lib.mkOption { type = lib.types.attrsOf userSubmodule; - default = { }; description = "User accounts configuration. Set enable=true for users that should exist on this system."; }; }; diff --git a/fleet/user-config.nix b/fleet/user-config.nix index 9d960ea..2baead4 100644 --- a/fleet/user-config.nix +++ b/fleet/user-config.nix 
@@ -33,41 +33,34 @@ let in { config = { + # Generate NixOS users users.users = let enabledAccounts = lib.filterAttrs (_: user: user.enable) config.athenix.users; in lib.mapAttrs ( - name: user: - let - isPlasma6 = config.services.desktopManager.plasma6.enable; - defaultPackages = lib.optionals (isPlasma6 && name != "root") [ pkgs.kdePackages.kate ]; - finalPackages = lib.subtractLists user.excludePackages (defaultPackages ++ user.extraPackages); - shells = { - bash = pkgs.bash; - zsh = pkgs.zsh; - fish = pkgs.fish; - tcsh = pkgs.tcsh; - }; - in - rec { - inherit (user) isNormalUser extraGroups hashedPassword; - description = if user.description != null then user.description else lib.mkDefault ""; - openssh.authorizedKeys.keys = user.opensshKeys; - shell = if user.shell != null then shells.${user.shell} else pkgs.bash; - packages = finalPackages ++ [ shell ]; - group = if user.isNormalUser then name else lib.mkDefault "root"; - } - ) enabledAccounts; - - # Generate user groups for normal users - users.groups = - let - enabledAccounts = lib.filterAttrs (_: user: user.enable) config.athenix.users; - normalUsers = lib.filterAttrs (_: user: user.isNormalUser) enabledAccounts; - in - lib.mapAttrs (_: _: { }) normalUsers; + name: user: + let + isPlasma6 = config.services.desktopManager.plasma6.enable; + defaultPackages = lib.optionals (isPlasma6 && name != "root") [ pkgs.kdePackages.kate ]; + finalPackages = lib.subtractLists user.excludePackages (defaultPackages ++ user.extraPackages); + shells = { + bash = pkgs.bash; + zsh = pkgs.zsh; + fish = pkgs.fish; + tcsh = pkgs.tcsh; + }; + in + rec { + isNormalUser = user.isNormalUser; + inherit (user) extraGroups hashedPassword; + description = if user.description != null then user.description else lib.mkDefault ""; + openssh.authorizedKeys.keys = user.opensshKeys; + shell = if user.shell != null then shells.${user.shell} else pkgs.bash; + packages = finalPackages ++ [ shell ]; + } + ) enabledAccounts; # Home Manager configs 
per user home-manager = { @@ -133,7 +126,7 @@ in # Always set these required options home.username = name; - home.homeDirectory = if name == "root" then "/root" else "/home/${name}"; + home.homeDirectory = lib.mkOverride 999 (if name == "root" then "/root" else "/home/${name}"); home.stateVersion = "25.11"; programs.${user.editor} = { enable = true; diff --git a/installer/artifacts.nix b/installer/artifacts.nix index 877721a..c401bcd 100644 --- a/installer/artifacts.nix +++ b/installer/artifacts.nix @@ -3,6 +3,7 @@ fleet, self, system, + users ? {}, }: # This file defines the logic for generating various build artifacts (ISOs, Netboot, LXC, etc.) # It exports a set of packages that can be built using `nix build .#` @@ -29,6 +30,7 @@ let hostName targetSystemBuild diskoScript + users ; hostPlatform = system; }; @@ -46,6 +48,9 @@ let inherit system; specialArgs = { inherit inputs; }; modules = fleet.modules.${hostName} ++ [ + { + config.athenix.users = lib.mapAttrs (_: user: lib.mapAttrs (_: lib.mkDefault) user) users; + } { disko.enableConfig = lib.mkForce false; services.upower.enable = lib.mkForce false; @@ -63,6 +68,9 @@ let specialArgs = { inherit inputs; }; modules = fleet.modules.${hostName} ++ [ "${nixpkgs}/nixos/modules/installer/netboot/netboot.nix" + { + config.athenix.users = lib.mapAttrs (_: user: lib.mapAttrs (_: lib.mkDefault) user) users; + } { disko.enableConfig = lib.mkForce false; services.upower.enable = lib.mkForce false; diff --git a/inventory.nix b/inventory.nix index 4b19234..7f9a6bd 100644 --- a/inventory.nix +++ b/inventory.nix @@ -132,7 +132,6 @@ rev = "dab32f5884895cead0fae28cb7d88d17951d0c12"; submodules = true; }; - "usda-dash".athenix.users.engr-ugaif.enable = true; }; overrides = { athenix.host.useHostPrefix = false; diff --git a/lib/mkFleet.nix b/lib/mkFleet.nix index 5e3b783..dd55ec5 100644 --- a/lib/mkFleet.nix +++ b/lib/mkFleet.nix 
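Review bot: The rewritten `users.users` mapping in fleet/user-config.nix no longer sets `group`, and the `users.groups` block that created one group per normal user is removed, which the commit message does not mention. As far as I know, nixpkgs then falls back to `group = "users"` for `isNormalUser` accounts, so every fleet account shares one primary group and any file written group-readable becomes visible across accounts. On hosts that are already deployed, existing files would presumably keep the old per-user gid. If the change is deliberate, record it in the commit description; otherwise keep `group = if user.isNormalUser then name else lib.mkDefault "root";` together with the `users.groups` definition.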
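Review bot: `lib.mkOverride 999` on `home.homeDirectory` (fleet/user-config.nix, hunk at -133) is an unexplained priority one step stronger than `lib.mkDefault` (1000). A one-line comment should name which definition it is meant to beat and which it should still yield to, for example `# 999: wins over mkDefault values, still loses to a plain definition in a user's own module`. Adjust that wording to the real intent, which is not visible from this hunk. The enclosing home-manager user block starts and ends outside the hunk.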
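Review bot: Both image definitions in installer/artifacts.nix (hunks at -46 and -63) append the same `config.athenix.users` injection that fleet/default.nix already puts into `allModules`, and `fleet.modules.${hostName}` appears to be that same list. Two definitions at the same `mkDefault` priority are merged, so list fields such as `opensshKeys` and `extraGroups` would be concatenated with themselves. If the two copies ever diverge, scalar fields such as `hashedPassword` would fail with conflicting definitions. I would drop the extra module here and rely on the one carried by `fleet.modules`. These `nixosSystem` calls also still pass `specialArgs = { inherit inputs; }` without the `self` merge the fleet builder now applies, so the installer images and the fleet hosts may see different `inputs`.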
@@ -4,7 +4,9 @@ inputs, lib, config, + self ? null, + users ? {}, }: import ../fleet/default.nix { - inherit inputs lib config; + inherit inputs lib config self users; } diff --git a/parts/nixos-configurations.nix b/parts/nixos-configurations.nix index ac51ef4..fec0fe8 100644 --- a/parts/nixos-configurations.nix +++ b/parts/nixos-configurations.nix @@ -3,7 +3,6 @@ inputs, self, lib, - pkgs, config, ... }: @@ -14,7 +13,8 @@ flake.nixosConfigurations = let - fleet = self.lib.mkFleet { inherit inputs lib config; }; + users = config.athenix.users; + fleet = self.lib.mkFleet { inherit inputs lib config self users; }; in fleet.nixosConfigurations; } diff --git a/parts/packages.nix b/parts/packages.nix index 0207533..4098c20 100644 --- a/parts/packages.nix +++ b/parts/packages.nix @@ -12,13 +12,15 @@ lib.mkIf (system == "x86_64-linux") { packages = let - fleet = self.lib.mkFleet { inherit inputs lib config; }; + users = config.athenix.users; + fleet = self.lib.mkFleet { inherit inputs lib config self users; }; artifacts = import ../installer/artifacts.nix { inherit inputs fleet self system + users ; }; in diff --git a/parts/users.nix b/parts/users.nix deleted file mode 100644 index 9e88f48..0000000 --- a/parts/users.nix +++ /dev/null @@ -1,7 +0,0 @@ -# Flake-parts wrapper for users.nix -{ inputs, ... }: -let - # Minimal pkgs just for shell paths - will be overridden in actual NixOS configs - pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; -in -import ../users.nix { inherit pkgs; } diff --git a/users.nix b/users.nix index 6ee8279..5cbd321 100644 --- a/users.nix +++ b/users.nix @@ -1,4 +1,4 @@ -{ ... }: +{ lib, inputs, config, ... }: { # ============================================================================ # User Definitions 
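Review bot: Defaulting `users ? {}` in lib/mkFleet.nix (and in fleet/default.nix) means a caller that forgets to pass `users` still evaluates. The injected module then defines `athenix.users` as an empty set, so removing `default = { }` in fleet/fleet-option.nix can never raise an error for fleet-built hosts, which would come out with no fleet accounts rather than failing. If a missing user set should fail loudly, make the argument required by writing `users,` instead of `users ? {},`. Both call sites under parts/ in this patch already pass it.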
@@ -26,7 +26,7 @@ # # User options can be set in users.nix OR in the external module's user.nix. # External module options take precedence over users.nix defaults. - athenix.users = { + config.athenix.users = { root = { isNormalUser = false; hashedPassword = "!";