UGA-Innovation-Factory/athenix
3
1
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity

fix: Change how enabled users are handled

Browse Source
This commit is contained in:
UGA Innovation Factory
2025-12-16 14:35:02 -05:00
committed by Hunter Halloran
parent 0ffdfdf0d8
commit 7ac453e1f7
10 changed files with 102 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/default.nix
View File

@@ -43,7 +43,7 @@ let
# Load users.nix to find external user flakes # Load users.nix to find external user flakes
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
usersData = import ../users.nix { inherit pkgs; }; usersData = import ../users.nix { inherit pkgs; };
accounts = usersData.ugaif.users.accounts or { }; accounts = usersData.ugaif.users or { };
# Extract flakeUrls and convert to modules # Extract flakeUrls and convert to modules
userFlakeModules = lib.mapAttrsToList ( userFlakeModules = lib.mapAttrsToList (
@@ -87,7 +87,10 @@ let
]; ];
specialConfig = lib.mkMerge [ specialConfig = lib.mkMerge [
(lib.optionalAttrs (configOverrides ? extraUsers) { (lib.optionalAttrs (configOverrides ? extraUsers) {
ugaif.users.enabledUsers = configOverrides.extraUsers; # Enable each user in the extraUsers list
ugaif.users = lib.genAttrs configOverrides.extraUsers (_: {
enable = true;
});
}) })
(lib.optionalAttrs (configOverrides ? buildMethods) { (lib.optionalAttrs (configOverrides ? buildMethods) {
ugaif.host.buildMethods = configOverrides.buildMethods; ugaif.host.buildMethods = configOverrides.buildMethods;

16
hosts/types/nix-desktop.nix
View File

@@ -20,20 +20,20 @@
# ========== Boot Configuration ========== # ========== Boot Configuration ==========
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" # USB 3.0 support "xhci_pci" # USB 3.0 support
"nvme" # NVMe SSD support "nvme" # NVMe SSD support
"usb_storage" # USB storage devices "usb_storage" # USB storage devices
"sd_mod" # SD card support "sd_mod" # SD card support
"sdhci_pci" # SD card host controller "sdhci_pci" # SD card host controller
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ boot.kernelParams = [
"quiet" # Minimal boot messages "quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash "splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure "boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging "udev.log_priority=3" # Reduce udev logging
"rd.systemd.show_status=auto" # Show systemd status during boot "rd.systemd.show_status=auto" # Show systemd status during boot
]; ];

20
hosts/types/nix-ephemeral.nix
View File

@@ -20,20 +20,20 @@
# ========== Boot Configuration ========== # ========== Boot Configuration ==========
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" # USB 3.0 support "xhci_pci" # USB 3.0 support
"nvme" # NVMe support "nvme" # NVMe support
"usb_storage" # USB storage devices "usb_storage" # USB storage devices
"sd_mod" # SD card support "sd_mod" # SD card support
"sdhci_pci" # SD card host controller "sdhci_pci" # SD card host controller
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ boot.kernelParams = [
"quiet" # Minimal boot messages "quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash "splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure "boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging "udev.log_priority=3" # Reduce udev logging
"rd.systemd.show_status=auto" # Show systemd status during boot "rd.systemd.show_status=auto" # Show systemd status during boot
]; ];
@@ -42,8 +42,8 @@
ugaif.host.filesystem.swapSize = lib.mkForce "0G"; ugaif.host.filesystem.swapSize = lib.mkForce "0G";
ugaif.host.filesystem.device = lib.mkForce "/dev/null"; # Dummy device ugaif.host.filesystem.device = lib.mkForce "/dev/null"; # Dummy device
ugaif.host.buildMethods = lib.mkDefault [ ugaif.host.buildMethods = lib.mkDefault [
"iso" # Live ISO image "iso" # Live ISO image
"ipxe" # Network boot "ipxe" # Network boot
]; ];
# Disable disk management for RAM-only systems # Disable disk management for RAM-only systems

22
hosts/types/nix-laptop.nix
View File

@@ -20,25 +20,25 @@
# ========== Boot Configuration ========== # ========== Boot Configuration ==========
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" # USB 3.0 support "xhci_pci" # USB 3.0 support
"thunderbolt" # Thunderbolt support "thunderbolt" # Thunderbolt support
"nvme" # NVMe SSD support "nvme" # NVMe SSD support
"usb_storage" # USB storage devices "usb_storage" # USB storage devices
"sd_mod" # SD card support "sd_mod" # SD card support
"sdhci_pci" # SD card host controller "sdhci_pci" # SD card host controller
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ boot.kernelParams = [
"quiet" # Minimal boot messages "quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash "splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure "boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging "udev.log_priority=3" # Reduce udev logging
"rd.systemd.show_status=auto" # Show systemd status during boot "rd.systemd.show_status=auto" # Show systemd status during boot
"i915.enable_psr=0" # Disable Panel Self Refresh (stability) "i915.enable_psr=0" # Disable Panel Self Refresh (stability)
"i915.enable_dc=0" # Disable display power saving "i915.enable_dc=0" # Disable display power saving
"i915.enable_fbc=0" # Disable framebuffer compression "i915.enable_fbc=0" # Disable framebuffer compression
]; ];
# ========== Hardware Configuration ========== # ========== Hardware Configuration ==========

14
hosts/types/nix-lxc.nix
View File

@@ -31,30 +31,30 @@
# ========== Container-Specific Configuration ========== # ========== Container-Specific Configuration ==========
boot.isContainer = true; boot.isContainer = true;
boot.loader.systemd-boot.enable = lib.mkForce false; # No bootloader in container boot.loader.systemd-boot.enable = lib.mkForce false; # No bootloader in container
disko.enableConfig = lib.mkForce false; # No disk management in container disko.enableConfig = lib.mkForce false; # No disk management in container
console.enable = true; console.enable = true;
# Allow getty to work in containers # Allow getty to work in containers
systemd.services."getty@".unitConfig.ConditionPathExists = [ systemd.services."getty@".unitConfig.ConditionPathExists = [
"" ""
"/dev/%I" "/dev/%I"
]; ];
# Suppress unnecessary systemd units for containers # Suppress unnecessary systemd units for containers
systemd.suppressedSystemUnits = [ systemd.suppressedSystemUnits = [
"dev-mqueue.mount" "dev-mqueue.mount"
"sys-kernel-debug.mount" "sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount" "sys-fs-fuse-connections.mount"
]; ];
# ========== Remote Development ========== # ========== Remote Development ==========
services.vscode-server.enable = true; services.vscode-server.enable = true;
# ========== System Configuration ========== # ========== System Configuration ==========
system.stateVersion = "25.11"; system.stateVersion = "25.11";
ugaif.host.buildMethods = lib.mkDefault [ ugaif.host.buildMethods = lib.mkDefault [
"lxc" # LXC container tarball "lxc" # LXC container tarball
"proxmox" # Proxmox VMA archive "proxmox" # Proxmox VMA archive
]; ];
ugaif.sw.enable = lib.mkDefault true; ugaif.sw.enable = lib.mkDefault true;

26
hosts/types/nix-surface.nix
View File

@@ -30,26 +30,26 @@ in
# ========== Boot Configuration ========== # ========== Boot Configuration ==========
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" # USB 3.0 support "xhci_pci" # USB 3.0 support
"nvme" # NVMe support (though Surface uses eMMC) "nvme" # NVMe support (though Surface uses eMMC)
"usb_storage" # USB storage devices "usb_storage" # USB storage devices
"sd_mod" # SD card support "sd_mod" # SD card support
"sdhci_pci" # SD card host controller "sdhci_pci" # SD card host controller
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support boot.kernelModules = [ "kvm-intel" ]; # Intel virtualization support
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.kernelParams = [ boot.kernelParams = [
"quiet" # Minimal boot messages "quiet" # Minimal boot messages
"splash" # Show Plymouth boot splash "splash" # Show Plymouth boot splash
"boot.shell_on_fail" # Emergency shell on boot failure "boot.shell_on_fail" # Emergency shell on boot failure
"udev.log_priority=3" # Reduce udev logging "udev.log_priority=3" # Reduce udev logging
"rd.systemd.show_status=auto" # Show systemd status during boot "rd.systemd.show_status=auto" # Show systemd status during boot
"intel_ipu3_imgu" # Intel camera image processing "intel_ipu3_imgu" # Intel camera image processing
"intel_ipu3_isys" # Intel camera sensor interface "intel_ipu3_isys" # Intel camera sensor interface
"fbcon=map:1" # Framebuffer console mapping "fbcon=map:1" # Framebuffer console mapping
"i915.enable_psr=0" # Disable Panel Self Refresh (breaks resume) "i915.enable_psr=0" # Disable Panel Self Refresh (breaks resume)
"i915.enable_dc=0" # Disable display power saving "i915.enable_dc=0" # Disable display power saving
]; ];
# Use older kernel for better Surface hardware support # Use older kernel for better Surface hardware support

50
hosts/user-config.nix
View File

@@ -64,6 +64,11 @@ let
default = null; default = null;
description = "The shell for this user."; description = "The shell for this user.";
}; };
editor = lib.mkOption {
type = lib.types.nullOr lib.types.package;
default = null;
description = "The default editor for this user.";
};
useZshTheme = lib.mkOption { useZshTheme = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
@@ -74,42 +79,31 @@ let
default = true; default = true;
description = "Whether to apply the system Neovim configuration."; description = "Whether to apply the system Neovim configuration.";
}; };
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether this user account is enabled on this system.";
};
}; };
}; };
in in
{ {
options.ugaif.users = { options.ugaif.users = lib.mkOption {
shell = lib.mkOption { type = lib.types.attrsOf userSubmodule;
type = lib.types.package; default = { };
default = pkgs.bash; description = "User accounts configuration. Set enable=true for users that should exist on this system.";
description = "The default shell for users.";
};
accounts = lib.mkOption {
type = lib.types.attrsOf userSubmodule;
default = { };
description = "User accounts configuration.";
};
enabledUsers = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "List of users to enable on this system.";
};
}; };
config = { config = {
# Default enabled users (always present) # Enable forUser if specified
ugaif.users.enabledUsers = [ ugaif.users = lib.mkIf (config.ugaif.forUser != null) {
"root" ${config.ugaif.forUser}.enable = true;
"engr-ugaif" };
]
++ lib.optional (config.ugaif.forUser != null) config.ugaif.forUser;
# Generate NixOS users # Generate NixOS users
users.users = users.users =
let let
enabledAccounts = lib.filterAttrs ( enabledAccounts = lib.filterAttrs (_: user: user.enable) config.ugaif.users;
name: _: lib.elem name config.ugaif.users.enabledUsers
) config.ugaif.users.accounts;
in in
lib.mapAttrs ( lib.mapAttrs (
name: user: name: user:
@@ -123,7 +117,7 @@ in
description = if user.description != null then user.description else lib.mkDefault ""; description = if user.description != null then user.description else lib.mkDefault "";
openssh.authorizedKeys.keys = user.opensshKeys; openssh.authorizedKeys.keys = user.opensshKeys;
packages = finalPackages; packages = finalPackages;
shell = if user.shell != null then user.shell else config.ugaif.users.shell; shell = if user.shell != null then user.shell else pkgs.bash;
} }
) enabledAccounts; ) enabledAccounts;
@@ -138,9 +132,7 @@ in
users = users =
let let
enabledAccounts = lib.filterAttrs ( enabledAccounts = lib.filterAttrs (_: user: user.enable) config.ugaif.users;
name: _: lib.elem name config.ugaif.users.enabledUsers
) config.ugaif.users.accounts;
in in
lib.mapAttrs ( lib.mapAttrs (
name: user: name: user:

36
installer/modules.nix
View File

@@ -19,10 +19,10 @@
# home-manager.users.myuser.imports = [ inputs.nixos-systems.homeManagerModules.theme ]; # home-manager.users.myuser.imports = [ inputs.nixos-systems.homeManagerModules.theme ];
# #
# # Neovim module (requires user parameter): # # Neovim module (requires user parameter):
# home-manager.users.myuser.imports = [ # home-manager.users.myuser.imports = [
# (inputs.nixos-systems.homeManagerModules.nvim { # (inputs.nixos-systems.homeManagerModules.nvim {
# user = config.ugaif.users.accounts.myuser; # user = config.ugaif.users.accounts.myuser;
# }) # })
# ]; # ];
{ inputs }: { inputs }:
@@ -39,8 +39,8 @@ let
}: }:
{ {
imports = [ imports = [
../sw/ghostty.nix # Terminal emulator ../sw/ghostty.nix # Terminal emulator
../sw/python.nix # Python environment ../sw/python.nix # Python environment
(import ../sw/${swType} { (import ../sw/${swType} {
inherit inherit
config config
@@ -60,32 +60,30 @@ let
# Helper to create a Home Manager module for nvim (requires user context) # Helper to create a Home Manager module for nvim (requires user context)
# External users can import this with their user data # External users can import this with their user data
mkNvimModule = mkNvimModule = user: (import ../sw/nvim.nix { inherit user; });
user:
(import ../sw/nvim.nix { inherit user; });
in in
{ {
# ========== Full Host Type Modules ========== # ========== Full Host Type Modules ==========
# Complete system configurations including hardware, boot, and software # Complete system configurations including hardware, boot, and software
nix-desktop = import ../hosts/types/nix-desktop.nix { inherit inputs; }; # Desktop workstations nix-desktop = import ../hosts/types/nix-desktop.nix { inherit inputs; }; # Desktop workstations
nix-laptop = import ../hosts/types/nix-laptop.nix { inherit inputs; }; # Laptop systems nix-laptop = import ../hosts/types/nix-laptop.nix { inherit inputs; }; # Laptop systems
nix-surface = import ../hosts/types/nix-surface.nix { inherit inputs; }; # Surface tablets nix-surface = import ../hosts/types/nix-surface.nix { inherit inputs; }; # Surface tablets
nix-lxc = import ../hosts/types/nix-lxc.nix { inherit inputs; }; # Proxmox containers nix-lxc = import ../hosts/types/nix-lxc.nix { inherit inputs; }; # Proxmox containers
nix-wsl = import ../hosts/types/nix-wsl.nix { inherit inputs; }; # WSL2 systems nix-wsl = import ../hosts/types/nix-wsl.nix { inherit inputs; }; # WSL2 systems
nix-ephemeral = import ../hosts/types/nix-ephemeral.nix { inherit inputs; }; # Diskless/RAM-only nix-ephemeral = import ../hosts/types/nix-ephemeral.nix { inherit inputs; }; # Diskless/RAM-only
# ========== Software-Only Modules (NixOS) ========== # ========== Software-Only Modules (NixOS) ==========
# For use with custom hardware configurations # For use with custom hardware configurations
sw-desktop = mkSwModule "desktop"; # Full desktop environment sw-desktop = mkSwModule "desktop"; # Full desktop environment
sw-headless = mkSwModule "headless"; # CLI-only systems sw-headless = mkSwModule "headless"; # CLI-only systems
sw-stateless-kiosk = mkSwModule "stateless-kiosk"; # Netboot kiosk sw-stateless-kiosk = mkSwModule "stateless-kiosk"; # Netboot kiosk
sw-tablet-kiosk = mkSwModule "tablet-kiosk"; # Touch-based kiosk sw-tablet-kiosk = mkSwModule "tablet-kiosk"; # Touch-based kiosk
# ========== Home Manager Modules ========== # ========== Home Manager Modules ==========
# User-level configuration modules # User-level configuration modules
# Usage: home-manager.users.myuser.imports = [ (inputs.nixos-systems.homeManagerModules.nvim { user = <user-data>; }) ]; # Usage: home-manager.users.myuser.imports = [ (inputs.nixos-systems.homeManagerModules.nvim { user = <user-data>; }) ];
homeModules = { homeModules = {
theme = ../sw/theme.nix; # Zsh theme (no params needed) theme = ../sw/theme.nix; # Zsh theme (no params needed)
nvim = mkNvimModule; # Neovim (requires user param) nvim = mkNvimModule; # Neovim (requires user param)
}; };
} }

8
sw/default.nix
View File

@@ -71,10 +71,10 @@ in
environment.systemPackages = environment.systemPackages =
with pkgs; with pkgs;
subtractLists cfg.excludePackages [ subtractLists cfg.excludePackages [
htop # System monitor htop # System monitor
binutils # Binary utilities binutils # Binary utilities
zsh # Z shell zsh # Z shell
git # Version control git # Version control
oh-my-posh # Shell prompt theme oh-my-posh # Shell prompt theme
inputs.agenix.packages.${stdenv.hostPlatform.system}.default # Secret management inputs.agenix.packages.${stdenv.hostPlatform.system}.default # Secret management
]; ];

7
users.nix
View File

@@ -9,10 +9,12 @@
# Define the users here using the new option # Define the users here using the new option
# To generate a password hash, run: mkpasswd -m sha-512 # To generate a password hash, run: mkpasswd -m sha-512
ugaif.users.accounts = { # Set enabled = true on systems where the user should exist
ugaif.users = {
root = { root = {
isNormalUser = false; isNormalUser = false;
hashedPassword = "!"; hashedPassword = "!";
enable = true; # Root is always enabled
}; };
engr-ugaif = { engr-ugaif = {
description = "UGA Innovation Factory"; description = "UGA Innovation Factory";
@@ -26,6 +28,7 @@
opensshKeys = [ opensshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBC7xzHxY2BfFUybMvG4wHSF9oEAGzRiLTFEndLvWV/X hdh20267@engr733847d.engr.uga.edu" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBC7xzHxY2BfFUybMvG4wHSF9oEAGzRiLTFEndLvWV/X hdh20267@engr733847d.engr.uga.edu"
]; ];
enable = true; # Default user, enabled everywhere
}; };
hdh20267 = { hdh20267 = {
description = "Hunter Halloran"; description = "Hunter Halloran";
@@ -37,6 +40,7 @@
shell = pkgs.zsh; shell = pkgs.zsh;
# Example of using an external flake for configuration: # Example of using an external flake for configuration:
# flakeUrl = "github:hdh20267/dotfiles"; # flakeUrl = "github:hdh20267/dotfiles";
# enable = false by default, set to true per-system
}; };
sv22900 = { sv22900 = {
description = "Alireza Vaezi"; description = "Alireza Vaezi";
@@ -45,6 +49,7 @@
"wheel" "wheel"
]; ];
shell = pkgs.zsh; shell = pkgs.zsh;
# enable = false by default, set to true per-system
}; };
}; };
} }