UGA-Innovation-Factory/athenix
3
1
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity

fix: Change how enabled users are handled

Browse Source
This commit is contained in:
UGA Innovation Factory
2025-12-16 14:35:02 -05:00
committed by Hunter Halloran
parent 0ffdfdf0d8
commit 7ac453e1f7
10 changed files with 102 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/default.nix
View File

@@ -43,7 +43,7 @@ let
# Load users.nix to find external user flakes
pkgs = nixpkgs.legacyPackages.${system};
usersData = import ../users.nix { inherit pkgs; };
accounts = usersData.ugaif.users.accounts or { };
accounts = usersData.ugaif.users or { };
# Extract flakeUrls and convert to modules
userFlakeModules = lib.mapAttrsToList (
@@ -87,7 +87,10 @@ let
];
specialConfig = lib.mkMerge [
(lib.optionalAttrs (configOverrides ? extraUsers) {
ugaif.users.enabledUsers = configOverrides.extraUsers;
# Enable each user in the extraUsers list
ugaif.users = lib.genAttrs configOverrides.extraUsers (_: {
enable = true;
});
})
(lib.optionalAttrs (configOverrides ? buildMethods) {
ugaif.host.buildMethods = configOverrides.buildMethods;

16
hosts/types/nix-desktop.nix
View File

@@ -20,20 +20,20 @@
# ========== Boot Configuration ==========
boot.initrd.availableKernelModules = [
"xhci_pci" # USB 3.0 support
"nvme" # NVMe SSD support
"xhci_pci" # USB 3.0 support
"nvme" # NVMe SSD support
"usb_storage" # USB storage devices
"sd_mod" # SD card support
"sdhci_pci" # SD card host controller
"sd_mod" # SD card support
"sdhci_pci" # SD card host controller
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging
"quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging
"rd.systemd.show_status=auto" # Show systemd status during boot
];

20
hosts/types/nix-ephemeral.nix
View File

@@ -20,20 +20,20 @@
# ========== Boot Configuration ==========
boot.initrd.availableKernelModules = [
"xhci_pci" # USB 3.0 support
"nvme" # NVMe support
"xhci_pci" # USB 3.0 support
"nvme" # NVMe support
"usb_storage" # USB storage devices
"sd_mod" # SD card support
"sdhci_pci" # SD card host controller
"sd_mod" # SD card support
"sdhci_pci" # SD card host controller
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging
"quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging
"rd.systemd.show_status=auto" # Show systemd status during boot
];
@@ -42,8 +42,8 @@
ugaif.host.filesystem.swapSize = lib.mkForce "0G";
ugaif.host.filesystem.device = lib.mkForce "/dev/null"; # Dummy device
ugaif.host.buildMethods = lib.mkDefault [
"iso" # Live ISO image
"ipxe" # Network boot
"iso" # Live ISO image
"ipxe" # Network boot
];
# Disable disk management for RAM-only systems

22
hosts/types/nix-laptop.nix
View File

@@ -20,25 +20,25 @@
# ========== Boot Configuration ==========
boot.initrd.availableKernelModules = [
"xhci_pci" # USB 3.0 support
"xhci_pci" # USB 3.0 support
"thunderbolt" # Thunderbolt support
"nvme" # NVMe SSD support
"nvme" # NVMe SSD support
"usb_storage" # USB storage devices
"sd_mod" # SD card support
"sdhci_pci" # SD card host controller
"sd_mod" # SD card support
"sdhci_pci" # SD card host controller
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging
"quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging
"rd.systemd.show_status=auto" # Show systemd status during boot
"i915.enable_psr=0" # Disable Panel Self Refresh (stability)
"i915.enable_dc=0" # Disable display power saving
"i915.enable_fbc=0" # Disable framebuffer compression
"i915.enable_psr=0" # Disable Panel Self Refresh (stability)
"i915.enable_dc=0" # Disable display power saving
"i915.enable_fbc=0" # Disable framebuffer compression
];
# ========== Hardware Configuration ==========

14
hosts/types/nix-lxc.nix
View File

@@ -31,30 +31,30 @@
# ========== Container-Specific Configuration ==========
boot.isContainer = true;
boot.loader.systemd-boot.enable = lib.mkForce false; # No bootloader in container
disko.enableConfig = lib.mkForce false; # No disk management in container
disko.enableConfig = lib.mkForce false; # No disk management in container
console.enable = true;
# Allow getty to work in containers
systemd.services."getty@".unitConfig.ConditionPathExists = [
""
"/dev/%I"
];
# Suppress unnecessary systemd units for containers
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
# ========== Remote Development ==========
services.vscode-server.enable = true;
# ========== System Configuration ==========
system.stateVersion = "25.11";
ugaif.host.buildMethods = lib.mkDefault [
"lxc" # LXC container tarball
"proxmox" # Proxmox VMA archive
"lxc" # LXC container tarball
"proxmox" # Proxmox VMA archive
];
ugaif.sw.enable = lib.mkDefault true;

26
hosts/types/nix-surface.nix
View File

@@ -30,26 +30,26 @@ in
# ========== Boot Configuration ==========
boot.initrd.availableKernelModules = [
"xhci_pci" # USB 3.0 support
"nvme" # NVMe support (though Surface uses eMMC)
"xhci_pci" # USB 3.0 support
"nvme" # NVMe support (though Surface uses eMMC)
"usb_storage" # USB storage devices
"sd_mod" # SD card support
"sdhci_pci" # SD card host controller
"sd_mod" # SD card support
"sdhci_pci" # SD card host controller
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support
boot.extraModulePackages = [ ];
boot.kernelParams = [
"quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging
"quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging
"rd.systemd.show_status=auto" # Show systemd status during boot
"intel_ipu3_imgu" # Intel camera image processing
"intel_ipu3_isys" # Intel camera sensor interface
"fbcon=map:1" # Framebuffer console mapping
"i915.enable_psr=0" # Disable Panel Self Refresh (breaks resume)
"i915.enable_dc=0" # Disable display power saving
"intel_ipu3_imgu" # Intel camera image processing
"intel_ipu3_isys" # Intel camera sensor interface
"fbcon=map:1" # Framebuffer console mapping
"i915.enable_psr=0" # Disable Panel Self Refresh (breaks resume)
"i915.enable_dc=0" # Disable display power saving
];
# Use older kernel for better Surface hardware support

50
hosts/user-config.nix
View File

@@ -64,6 +64,11 @@ let
default = null;
description = "The shell for this user.";
};
editor = lib.mkOption {
type = lib.types.nullOr lib.types.package;
default = null;
description = "The default editor for this user.";
};
useZshTheme = lib.mkOption {
type = lib.types.bool;
default = true;
@@ -74,42 +79,31 @@ let
default = true;
description = "Whether to apply the system Neovim configuration.";
};
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether this user account is enabled on this system.";
};
};
};
in
{
options.ugaif.users = {
shell = lib.mkOption {
type = lib.types.package;
default = pkgs.bash;
description = "The default shell for users.";
};
accounts = lib.mkOption {
type = lib.types.attrsOf userSubmodule;
default = { };
description = "User accounts configuration.";
};
enabledUsers = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of users to enable on this system.";
};
options.ugaif.users = lib.mkOption {
type = lib.types.attrsOf userSubmodule;
default = { };
description = "User accounts configuration. Set enable=true for users that should exist on this system.";
};
config = {
# Default enabled users (always present)
ugaif.users.enabledUsers = [
"root"
"engr-ugaif"
]
++ lib.optional (config.ugaif.forUser != null) config.ugaif.forUser;
# Enable forUser if specified
ugaif.users = lib.mkIf (config.ugaif.forUser != null) {
${config.ugaif.forUser}.enable = true;
};
# Generate NixOS users
users.users =
let
enabledAccounts = lib.filterAttrs (
name: _: lib.elem name config.ugaif.users.enabledUsers
) config.ugaif.users.accounts;
enabledAccounts = lib.filterAttrs (_: user: user.enable) config.ugaif.users;
in
lib.mapAttrs (
name: user:
@@ -123,7 +117,7 @@ in
description = if user.description != null then user.description else lib.mkDefault "";
openssh.authorizedKeys.keys = user.opensshKeys;
packages = finalPackages;
shell = if user.shell != null then user.shell else config.ugaif.users.shell;
shell = if user.shell != null then user.shell else pkgs.bash;
}
) enabledAccounts;
@@ -138,9 +132,7 @@ in
users =
let
enabledAccounts = lib.filterAttrs (
name: _: lib.elem name config.ugaif.users.enabledUsers
) config.ugaif.users.accounts;
enabledAccounts = lib.filterAttrs (_: user: user.enable) config.ugaif.users;
in
lib.mapAttrs (
name: user:

36
installer/modules.nix
View File

@@ -19,10 +19,10 @@
# home-manager.users.myuser.imports = [ inputs.nixos-systems.homeManagerModules.theme ];
#
# # Neovim module (requires user parameter):
# home-manager.users.myuser.imports = [
# (inputs.nixos-systems.homeManagerModules.nvim {
# home-manager.users.myuser.imports = [
# (inputs.nixos-systems.homeManagerModules.nvim {
# user = config.ugaif.users.accounts.myuser;
# })
# })
# ];
{ inputs }:
@@ -39,8 +39,8 @@ let
}:
{
imports = [
../sw/ghostty.nix # Terminal emulator
../sw/python.nix # Python environment
../sw/ghostty.nix # Terminal emulator
../sw/python.nix # Python environment
(import ../sw/${swType} {
inherit
config
@@ -60,32 +60,30 @@ let
# Helper to create a Home Manager module for nvim (requires user context)
# External users can import this with their user data
mkNvimModule =
user:
(import ../sw/nvim.nix { inherit user; });
mkNvimModule = user: (import ../sw/nvim.nix { inherit user; });
in
{
# ========== Full Host Type Modules ==========
# Complete system configurations including hardware, boot, and software
nix-desktop = import ../hosts/types/nix-desktop.nix { inherit inputs; }; # Desktop workstations
nix-laptop = import ../hosts/types/nix-laptop.nix { inherit inputs; }; # Laptop systems
nix-surface = import ../hosts/types/nix-surface.nix { inherit inputs; }; # Surface tablets
nix-lxc = import ../hosts/types/nix-lxc.nix { inherit inputs; }; # Proxmox containers
nix-wsl = import ../hosts/types/nix-wsl.nix { inherit inputs; }; # WSL2 systems
nix-desktop = import ../hosts/types/nix-desktop.nix { inherit inputs; }; # Desktop workstations
nix-laptop = import ../hosts/types/nix-laptop.nix { inherit inputs; }; # Laptop systems
nix-surface = import ../hosts/types/nix-surface.nix { inherit inputs; }; # Surface tablets
nix-lxc = import ../hosts/types/nix-lxc.nix { inherit inputs; }; # Proxmox containers
nix-wsl = import ../hosts/types/nix-wsl.nix { inherit inputs; }; # WSL2 systems
nix-ephemeral = import ../hosts/types/nix-ephemeral.nix { inherit inputs; }; # Diskless/RAM-only
# ========== Software-Only Modules (NixOS) ==========
# For use with custom hardware configurations
sw-desktop = mkSwModule "desktop"; # Full desktop environment
sw-headless = mkSwModule "headless"; # CLI-only systems
sw-stateless-kiosk = mkSwModule "stateless-kiosk"; # Netboot kiosk
sw-tablet-kiosk = mkSwModule "tablet-kiosk"; # Touch-based kiosk
sw-desktop = mkSwModule "desktop"; # Full desktop environment
sw-headless = mkSwModule "headless"; # CLI-only systems
sw-stateless-kiosk = mkSwModule "stateless-kiosk"; # Netboot kiosk
sw-tablet-kiosk = mkSwModule "tablet-kiosk"; # Touch-based kiosk
# ========== Home Manager Modules ==========
# User-level configuration modules
# Usage: home-manager.users.myuser.imports = [ (inputs.nixos-systems.homeManagerModules.nvim { user = <user-data>; }) ];
homeModules = {
theme = ../sw/theme.nix; # Zsh theme (no params needed)
nvim = mkNvimModule; # Neovim (requires user param)
theme = ../sw/theme.nix; # Zsh theme (no params needed)
nvim = mkNvimModule; # Neovim (requires user param)
};
}

8
sw/default.nix
View File

@@ -71,10 +71,10 @@ in
environment.systemPackages =
with pkgs;
subtractLists cfg.excludePackages [
htop # System monitor
binutils # Binary utilities
zsh # Z shell
git # Version control
htop # System monitor
binutils # Binary utilities
zsh # Z shell
git # Version control
oh-my-posh # Shell prompt theme
inputs.agenix.packages.${stdenv.hostPlatform.system}.default # Secret management
];

7
users.nix
View File

@@ -9,10 +9,12 @@
# Define the users here using the new option
# To generate a password hash, run: mkpasswd -m sha-512
ugaif.users.accounts = {
# Set enabled = true on systems where the user should exist
ugaif.users = {
root = {
isNormalUser = false;
hashedPassword = "!";
enable = true; # Root is always enabled
};
engr-ugaif = {
description = "UGA Innovation Factory";
@@ -26,6 +28,7 @@
opensshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBC7xzHxY2BfFUybMvG4wHSF9oEAGzRiLTFEndLvWV/X hdh20267@engr733847d.engr.uga.edu"
];
enable = true; # Default user, enabled everywhere
};
hdh20267 = {
description = "Hunter Halloran";
@@ -37,6 +40,7 @@
shell = pkgs.zsh;
# Example of using an external flake for configuration:
# flakeUrl = "github:hdh20267/dotfiles";
# enable = false by default, set to true per-system
};
sv22900 = {
description = "Alireza Vaezi";
@@ -45,6 +49,7 @@
"wheel"
];
shell = pkgs.zsh;
# enable = false by default, set to true per-system
};
};
}