nixos/modules/user/default.nix

inputs:
{
  imports = inputs.localLib.findModules ./.;
  options.nixos.user = let inherit (inputs.lib) mkOption types; in
  {
    users = mkOption { type = types.listOf types.nonEmptyStr; default = [ "chn" ]; };
    sharedModules = mkOption { type = types.listOf types.anything; default = []; };
    uid = mkOption
    {
      type = types.attrsOf types.ints.unsigned;
      readOnly = true;
      default =
      {
        chn = 1000;
        xll = 1001;
        yjq = 1002;
        yxy = 1003;
        zem = 1004;
        gb = 1005;
        test = 1006;
        misskey-misskey = 2000;
        misskey-misskey-old = 2001;
        frp = 2002;
        mirism = 2003;
        httpapi = 2004;
        httpua = 2005;
        rsshub = 2006;
        v2ray = 2007;
        fz-new-order = 2008;
        synapse-synapse = 2009;
        synapse-matrix = 2010;
        hpcstat = 2011;
      };
    };
    gid = mkOption
    {
      type = types.attrsOf types.ints.unsigned;
      readOnly = true;
      default = inputs.config.nixos.user.uid //
      {
        groupshare = 3000;
        telegram = 3001;
      };
    };
  };
  config = let inherit (inputs.config.nixos) user; in inputs.lib.mkMerge
  [
    {
      users =
      {
        users = builtins.listToAttrs (builtins.map
          (userName:
          {
            name = userName;
            value =
            {
              uid = user.uid.${userName};
              group = userName;
              isNormalUser = true;
              shell = inputs.pkgs.zsh;
              extraGroups = inputs.lib.intersectLists [ "users" "video" "audio" ]
                (builtins.attrNames inputs.config.users.groups);
              # ykman fido credentials list
              # ykman fido credentials delete f2c1ca2d
              # ssh-keygen -t ed25519-sk -O resident
              # ssh-keygen -K
              openssh.authorizedKeys.keys =
                let
                  keys = [ "rsa" "ed25519" "ed25519_sk" ];
                  getKey = user: key: inputs.lib.optional (builtins.pathExists ./${user}/id_${key}.pub)
                    (builtins.readFile ./${user}/id_${key}.pub);
                in builtins.concatLists (builtins.map (key: getKey userName key) keys);
            };
          })
          user.users);
        groups = builtins.listToAttrs (builtins.map
          (name: { inherit name; value.gid = user.gid.${name}; })
          user.users);
      };
      home-manager.users = builtins.listToAttrs (builtins.map
        (name: { inherit name; value.imports = user.sharedModules; })
        user.users);
      environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories = builtins.map
        (user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })
        (builtins.filter (user: user != "chn") user.users);
    }
    # set hashedPassword if it exist in secrets
    (
      inputs.lib.mkIf inputs.config.nixos.system.sops.enable
      (
        let
          secrets = inputs.pkgs.localPackages.fromYaml (builtins.readFile inputs.config.sops.defaultSopsFile);
          hashedPasswordExist = userName: (secrets ? users) && ((secrets.users or {}) ? ${userName});
        in
        {
          users.users = builtins.listToAttrs (builtins.map
            (name: { inherit name; value.hashedPasswordFile = inputs.config.sops.secrets."users/${name}".path; })
            (builtins.filter (user: hashedPasswordExist user) user.users));
          sops.secrets = builtins.listToAttrs (builtins.map
            (name: { name = "users/${name}"; value.neededForUsers = true; })
            (builtins.filter (user: hashedPasswordExist user) user.users));
        }
      )
    )
    {
      users.users.root =
      {
        shell = inputs.pkgs.zsh;
        openssh.authorizedKeys.keys =
          [ (builtins.readFile ./chn/id_ed25519_sk.pub) (builtins.readFile ./chn/id_ed25519.pub) ];
        hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
      };
      home-manager.users.root =
      {
        imports = user.sharedModules;
        config.programs.git = { userName = "chn"; userEmail = "chn@chn.moe"; };
      };
    }
    (inputs.lib.mkIf (builtins.elem "test" user.users) { users.users.test.password = "test"; })
  ];
}

# environment.persistence."/impermanence".users.chn =
# {
#   directories =
#   [
#     "Desktop"
#     "Documents"
#     "Downloads"
#     "Music"
#     "repo"
#     "Pictures"
#     "Videos"

#     ".cache"
#     ".config"
#     ".gnupg"
#     ".local"
#     ".ssh"
#     ".android"
#     ".exa"
#     ".gnome"
#     ".Mathematica"
#     ".mozilla"
#     ".pki"
#     ".steam"
#     ".tcc"
#     ".vim"
#     ".vscode"
#     ".Wolfram"
#     ".zotero"

#   ];
#   files =
#   [
#     ".bash_history"
#     ".cling_history"
#     ".gitconfig"
#     ".gtkrc-2.0"
#     ".root_hist"
#     ".viminfo"
#     ".zsh_history"
#   ];
# };
暂存 2023-07-27 21:14:39 +08:00			`inputs:`
users: 分离各个用户的配置 2023-11-19 17:15:44 +08:00			`{`
localLib.findModules: include mkModules 2024-03-25 11:30:50 +08:00			`imports = inputs.localLib.findModules ./.;`
users -> user 2024-03-19 20:01:45 +08:00			`options.nixos.user = let inherit (inputs.lib) mkOption types; in`
整理 users 2023-09-12 16:31:20 +08:00			`{`
use fixed uid 2023-12-09 20:01:50 +08:00			`users = mkOption { type = types.listOf types.nonEmptyStr; default = [ "chn" ]; };`
users: 分离各个用户的配置 2023-11-19 17:15:44 +08:00			`sharedModules = mkOption { type = types.listOf types.anything; default = []; };`
move system.user to user 2024-03-19 20:12:16 +08:00			`uid = mkOption`
use fixed uid 2023-12-09 20:01:50 +08:00			`{`
move system.user to user 2024-03-19 20:12:16 +08:00			`type = types.attrsOf types.ints.unsigned;`
			`readOnly = true;`
			`default =`
			`{`
			`chn = 1000;`
			`xll = 1001;`
			`yjq = 1002;`
			`yxy = 1003;`
			`zem = 1004;`
			`gb = 1005;`
			`test = 1006;`
			`misskey-misskey = 2000;`
			`misskey-misskey-old = 2001;`
			`frp = 2002;`
			`mirism = 2003;`
			`httpapi = 2004;`
			`httpua = 2005;`
			`rsshub = 2006;`
			`v2ray = 2007;`
			`fz-new-order = 2008;`
			`synapse-synapse = 2009;`
			`synapse-matrix = 2010;`
services.hpcstat: init 2024-05-04 15:18:03 +08:00			`hpcstat = 2011;`
move system.user to user 2024-03-19 20:12:16 +08:00			`};`
			`};`
			`gid = mkOption`
			`{`
			`type = types.attrsOf types.ints.unsigned;`
			`readOnly = true;`
			`default = inputs.config.nixos.user.uid //`
			`{`
			`groupshare = 3000;`
services: fix permission 2024-05-04 16:33:16 +08:00			`telegram = 3001;`
move system.user to user 2024-03-19 20:12:16 +08:00			`};`
use fixed uid 2023-12-09 20:01:50 +08:00			`};`
move system.user to user 2024-03-19 20:12:16 +08:00			`};`
user: 整理 2024-03-20 09:08:20 +08:00			`config = let inherit (inputs.config.nixos) user; in inputs.lib.mkMerge`
			`[`
			`{`
			`users =`
move system.user to user 2024-03-19 20:12:16 +08:00			`{`
user: 整理 2024-03-20 09:08:20 +08:00			`users = builtins.listToAttrs (builtins.map`
			`(userName:`
			`{`
			`name = userName;`
			`value =`
			`{`
			`uid = user.uid.${userName};`
			`group = userName;`
			`isNormalUser = true;`
			`shell = inputs.pkgs.zsh;`
			`extraGroups = inputs.lib.intersectLists [ "users" "video" "audio" ]`
			`(builtins.attrNames inputs.config.users.groups);`
			`# ykman fido credentials list`
			`# ykman fido credentials delete f2c1ca2d`
			`# ssh-keygen -t ed25519-sk -O resident`
			`# ssh-keygen -K`
			`openssh.authorizedKeys.keys =`
			`let`
			`keys = [ "rsa" "ed25519" "ed25519_sk" ];`
			`getKey = user: key: inputs.lib.optional (builtins.pathExists ./${user}/id_${key}.pub)`
			`(builtins.readFile ./${user}/id_${key}.pub);`
packages.ssh: 整理 2024-06-16 13:07:38 +08:00			`in builtins.concatLists (builtins.map (key: getKey userName key) keys);`
user: 整理 2024-03-20 09:08:20 +08:00			`};`
			`})`
			`user.users);`
			`groups = builtins.listToAttrs (builtins.map`
			`(name: { inherit name; value.gid = user.gid.${name}; })`
			`user.users);`
			`};`
			`home-manager.users = builtins.listToAttrs (builtins.map`
			`(name: { inherit name; value.imports = user.sharedModules; })`
			`user.users);`
system.user: automatically create directories 2024-03-24 20:41:41 +08:00			`environment.persistence."${inputs.config.nixos.system.impermanence.persistence}".directories = builtins.map`
			`(user: { directory = "/home/${user}"; inherit user; group = user; mode = "0700"; })`
user.chn: persist per program 2024-05-30 21:07:39 +08:00			`(builtins.filter (user: user != "chn") user.users);`
user: 整理 2024-03-20 09:08:20 +08:00			`}`
user: 整理 2024-03-20 20:34:02 +08:00			`# set hashedPassword if it exist in secrets`
			`(`
user: fix 2024-05-26 13:05:50 +08:00			`inputs.lib.mkIf inputs.config.nixos.system.sops.enable`
			`(`
			`let`
			`secrets = inputs.pkgs.localPackages.fromYaml (builtins.readFile inputs.config.sops.defaultSopsFile);`
			`hashedPasswordExist = userName: (secrets ? users) && ((secrets.users or {}) ? ${userName});`
			`in`
			`{`
			`users.users = builtins.listToAttrs (builtins.map`
			`(name: { inherit name; value.hashedPasswordFile = inputs.config.sops.secrets."users/${name}".path; })`
			`(builtins.filter (user: hashedPasswordExist user) user.users));`
			`sops.secrets = builtins.listToAttrs (builtins.map`
			`(name: { name = "users/${name}"; value.neededForUsers = true; })`
			`(builtins.filter (user: hashedPasswordExist user) user.users));`
			`}`
			`)`
user: 整理 2024-03-20 20:34:02 +08:00			`)`
user: 整理 2024-03-20 09:08:20 +08:00			`{`
user: 整理 2024-03-20 20:34:02 +08:00			`users.users.root =`
			`{`
users: fix 2024-03-22 19:58:39 +08:00			`shell = inputs.pkgs.zsh;`
modules.user.chn: add new key 2024-06-18 21:52:50 +08:00			`openssh.authorizedKeys.keys =`
			`[ (builtins.readFile ./chn/id_ed25519_sk.pub) (builtins.readFile ./chn/id_ed25519.pub) ];`
user: 整理 2024-03-20 20:34:02 +08:00			`hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";`
			`};`
users: fix 2024-03-22 19:58:39 +08:00			`home-manager.users.root =`
			`{`
			`imports = user.sharedModules;`
packages.vim: split from server 2024-05-30 14:17:49 +08:00			`config.programs.git = { userName = "chn"; userEmail = "chn@chn.moe"; };`
users: fix 2024-03-22 19:58:39 +08:00			`};`
user: 整理 2024-03-20 09:08:20 +08:00			`}`
user: 整理 2024-03-20 20:34:02 +08:00			`(inputs.lib.mkIf (builtins.elem "test" user.users) { users.users.test.password = "test"; })`
user: 整理 2024-03-20 09:08:20 +08:00			`];`
users: 分离各个用户的配置 2023-11-19 17:15:44 +08:00			`}`
暂存 2023-07-27 21:14:39 +08:00
			`# environment.persistence."/impermanence".users.chn =`
			`# {`
tab 替换为空格 2023-09-01 21:05:26 +08:00			`# directories =`
			`# [`
			`# "Desktop"`
			`# "Documents"`
			`# "Downloads"`
			`# "Music"`
			`# "repo"`
			`# "Pictures"`
			`# "Videos"`
暂存 2023-07-27 21:14:39 +08:00
tab 替换为空格 2023-09-01 21:05:26 +08:00			`# ".cache"`
			`# ".config"`
			`# ".gnupg"`
			`# ".local"`
			`# ".ssh"`
			`# ".android"`
			`# ".exa"`
			`# ".gnome"`
			`# ".Mathematica"`
			`# ".mozilla"`
			`# ".pki"`
			`# ".steam"`
			`# ".tcc"`
			`# ".vim"`
			`# ".vscode"`
			`# ".Wolfram"`
			`# ".zotero"`
暂存 2023-07-27 21:14:39 +08:00
tab 替换为空格 2023-09-01 21:05:26 +08:00			`# ];`
			`# files =`
			`# [`
			`# ".bash_history"`
			`# ".cling_history"`
			`# ".gitconfig"`
			`# ".gtkrc-2.0"`
			`# ".root_hist"`
			`# ".viminfo"`
			`# ".zsh_history"`
			`# ];`
users: enable linger 2023-09-18 19:08:04 +08:00			`# };`