user updates

2025-08-21 19:40:32 -05:00
parent 34746e865b
commit 09b3fcb825
23 changed files with 607 additions and 535 deletions
--- a/systems/aarch64-linux/macbook-pro-nixos/default.nix
+++ b/systems/aarch64-linux/macbook-pro-nixos/default.nix
@@ -26,6 +26,25 @@ in
  };

  ${namespace} = {
+    user = {
+      name = "matt";
+      extraGroups = [
+        "ratbagd"
+        "input"
+        "scanner"
+        "lp"
+        "video"
+        "i2c"
+      ];
+      packages = with pkgs; [
+        firefox
+        tree
+        git
+        box64
+        prismlauncher
+        distrobox
+      ];
+    };
    desktop = {
      hyprland = {
        enable = true;
@@ -85,31 +104,6 @@ in

  nixpkgs.config.allowUnsupportedSystem = true;

-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.matt = {
-    isNormalUser = true;
-    extraGroups = [
-      "wheel"
-      "keys"
-      "networkmanager"
-      "ratbagd"
-      "input"
-      "scanner"
-      "lp"
-      "video"
-      "i2c"
-    ]; # Enable ‘sudo’ for the user.
-    shell = pkgs.zsh;
-    packages = with pkgs; [
-      firefox
-      tree
-      git
-      box64
-      prismlauncher
-      distrobox
-    ];
-  };
-
  virtualisation = {
    containers.enable = true;
    podman.enable = true;
--- a/systems/aarch64-linux/pi4/default.nix
+++ b/systems/aarch64-linux/pi4/default.nix
@@ -9,8 +9,6 @@
  ...
 }:
 let
-  user = "matt";
-  # password = config.sops.secrets."pi4/matt-password".path;
  kernelBundle = pkgs.linuxAndFirmware.latest;
 in
 {
@@ -23,6 +21,15 @@ in

  ${namespace} = {
    hardware.disko.enable = true;
+    user = {
+      name = "matt";
+      password = "BogieDudie1";
+      mutableUsers = false;
+      extraGroups = [
+        "docker"
+        "video"
+      ];
+    };
    network = {
      hostName = "pi4";
      ipv4 = {
@@ -80,35 +87,11 @@ in
    ];
  };

-  users = {
-    mutableUsers = false;
-    users = {
-      "${user}" = {
-        isNormalUser = true;
-        # hashedPasswordFile = password;
-        password = lib.mkForce "BogieDudie1";
-        extraGroups = [
-          "wheel"
-          "docker"
-          "video"
-        ];
-        shell = pkgs.zsh;
-        openssh.authorizedKeys.keys = [
-          # macBook
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
-          # desktop windows
-          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
-          # desktop nixos
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
-        ];
-      };
-
-      root = {
-        isSystemUser = true;
-        isNormalUser = false;
-        shell = pkgs.zsh;
-      };
-    };
+  # Root user configuration - explicit to avoid conflicts with home-manager
+  users.users.root = {
+    isSystemUser = true;
+    isNormalUser = false;
+    shell = pkgs.zsh;
  };

  programs = {
--- a/systems/aarch64-linux/pi4/networking.nix
+++ b/systems/aarch64-linux/pi4/networking.nix
@@ -1,7 +1,4 @@
 { lib, config, ... }:
-let
-  hostname = "pi4";
-in
 {
  # Networking configs
  networking = {
--- a/systems/aarch64-linux/pi5/default.nix
+++ b/systems/aarch64-linux/pi5/default.nix
@@ -10,8 +10,6 @@
  ...
 }:
 let
-  user = "matt";
-  # password = config.sops.secrets."pi5/matt-password".path;
  kernelBundle = pkgs.linuxAndFirmware.latest;
 in
 {
@@ -25,6 +23,16 @@ in
  ${namespace} = {
    hardware.disko.enable = true;
    desktop.hyprland.enable = false;
+    user = {
+      name = "matt";
+      password = "BogieDudie1";
+      mutableUsers = false;
+      extraGroups = [ "docker" ];
+      sshKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTha0FbV1tkpnJr7xVH78S5MetJH+0o2YrEcuvhL692 root@jallen-nas"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIwoHWOLSTGVif9hAhaMLl0qDA4roIzCNuyR6kyIXDOj admin@jallen-nas"
+      ];
+    };
    network = {
      hostName = "pi5";
      ipv4 = {
@@ -89,30 +97,8 @@ in

  hardware.graphics.enable32Bit = lib.mkForce false;

-  users = {
-    mutableUsers = false;
-    users."${user}" = {
-      isNormalUser = true;
-      #      hashedPasswordFile = password;
-      password = lib.mkForce "BogieDudie1";
-      extraGroups = [
-        "wheel"
-        "docker"
-      ];
-      openssh.authorizedKeys.keys = [
-        # macBook
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCw9zq8DLGByI5v2gAn95hKNyOsm3g61a2buxu2BBMFysQJgmZPCCLUqRJKhSM5Vm/JOgsAmdpRBRZQoHD+6S844CJHb4v4VIbjkyQgYCuM7Rst2IOZ5QybvsA2/D0nwytZ+HXQqDj2AagUYDbz0gyyIHkDQ5YGBMkvkWz/h1Vci6aoBM7VihEDM4KlWoTVuPeASGM8r5IZ2FS83Djbqo4ov6AYvLMrKB9Z7hmFgH6R3LE0gxOkzbGVXtSuvJyrjvgytoT22UhATjjxSQ9D+YJXXkQoB3lUdg8OoIquUPjMZpl4mR8ffvseWPfcvD1XlD5t+TOHFqKpESO547tlOBYhdpew+NSgAXpamCU6oyV8tDCywLQu2ucxHRn78u6WXzWHkDtffdhzmk6TZaPhWqVHuTGjR4higBgGqUfSaKOMszt+FDRZAr3HtuQ2+zJ8bowK9fW5OqilTtK2HtQqroD9ApegDNbqOz6kGy5IycSXvqPURy/M4lxZxbtBPuemcJs= mattjallen@MacBook-Pro.local"
-        # desktop windows
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ2PYPjZddOzR8OJj16G88KcUhCDLkvrEmpUQP0wKHDUuA27HQQ2ORo66asadwGHY3k1VDZ1ei9l9H++SIIeKOaaUr5yZdktvj4POUNtbd9ZhcS7sZU7BSF+NMDM+h3tImh6z0S7mWvRQOUv3ZM+ZER+5xTWJVG1OOJEpb1drxJk6Qz0wbZKSR7TPNFBLLXlVy7hkNYf07RtDyhCCxNB3hJfa8c+oztnWumwDhDQWLqiUXWIU2QH6iRLGl/WYnujtNvVVaV/Hn3JJkS6MM9dnV3cpoIO0+J7+WfsN9rZ0wXt5yY3GhiGXwmcO5eYVli8lHlLWtK7aYSETyry6CBsLbojzOQO5rSqhpwfF2njAAFAQU0UjLc8PahisIuFKCwHH4iyXXOagiv5K1Mc/0Ak+WhhMPee6vV2p7NTyNpXRvouDbWy5cSRH31WgQ9fK5mIGe5v8nGGqtEhUubUkiOgP+H3UbT2V/nTv/TFKdJcKw+WmizvTrxBmaMjWALlkYl+s= mattl@Jallen-PC"
-        # desktop nixos
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTBMydhOc6SnOdB5WrEd7X07DrboAtagCUgXiOJjLov matt@matt-nixos"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTha0FbV1tkpnJr7xVH78S5MetJH+0o2YrEcuvhL692 root@jallen-nas"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIwoHWOLSTGVif9hAhaMLl0qDA4roIzCNuyR6kyIXDOj admin@jallen-nas"
-      ];
-      shell = pkgs.zsh;
-    };
-    users.root.shell = pkgs.zsh;
-  };
+  # Root user configuration
+  users.users.root.shell = pkgs.zsh;

  programs = {
    kdeconnect.enable = false;
--- a/systems/x86_64-linux/nas/boot.nix
+++ b/systems/x86_64-linux/nas/boot.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
  configLimit = 50;
  kernel = pkgs.linuxPackages; # linuxPackages_latest;
--- a/systems/x86_64-linux/nas/default.nix
+++ b/systems/x86_64-linux/nas/default.nix
@@ -109,6 +109,7 @@
    };
    user = {
      name = "admin";
+      linger = true;
    };
  };

--- a/systems/x86_64-linux/nas/sops.nix
+++ b/systems/x86_64-linux/nas/sops.nix
@@ -33,7 +33,7 @@ in
        owner = config.users.users."${user}".name;
        group = config.users.users."${user}".group;
      };
-      
+
      "jallen-nas/nas_pool" = {
        mode = "0600";
        owner = config.users.users."${user}".name;