define primary Linux username in base-user.nix

Daniel Langbein 2025-03-30 13:27:21 +02:00
parent f6e6e3e36f
commit 7fa6af56b3
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
21 changed files with 121 additions and 46 deletions


@ -1,4 +1,7 @@
{ config, pkgs, lib, ... }:
let
user = config.yoda.user;
in
{
imports =
[ # Include the results of the hardware scan.
@ -45,9 +48,9 @@
};
# Define a user account. Don't forget to set a password with 'passwd'.
users.users."yoda" = {
users.users."${user}" = {
isNormalUser = true;
description = "Yoda";
description = "${user}";
extraGroups = [ "wheel" ]; # Enable 'sudo' for the user.
};


@ -1,8 +1,10 @@
{ config, pkgs, ...}:
let
user = config.yoda.user;
name = "notify-change";
subdir = "readonly-git/notify-change";
fulldir = "/home/yoda/${subdir}";
fulldir = "/home/${user}/${subdir}";
jdk = pkgs.jdk23;
gradle = pkgs.gradle.override {
@ -16,7 +18,7 @@ in
# comma-separated list of email addresses
keyFile = ../../secrets/${name}-email-recipients;
destDir = "/secrets";
user = "yoda";
user = "${user}";
#group = "smtpd"; # Default: root
permissions = "0400";
uploadAt = "pre-activation";
@ -25,7 +27,7 @@ in
deployment.keys."${name}-EMAIL_USER" = {
keyFile = ../../secrets/user.web.de;
destDir = "/secrets";
user = "yoda";
user = "${user}";
#group = "smtpd"; # Default: root
permissions = "0400";
uploadAt = "pre-activation";
@ -34,7 +36,7 @@ in
deployment.keys."${name}-EMAIL_PASSWORD" = {
keyFile = ../../secrets/pwd.web.de;
destDir = "/secrets";
user = "yoda";
user = "${user}";
#group = "smtpd"; # Default: root
permissions = "0400";
uploadAt = "pre-activation";
@ -43,7 +45,7 @@ in
deployment.keys."${name}-ILIAS_USER" = {
keyFile = ../../secrets/user.ilias.uni-marburg.de;
destDir = "/secrets";
user = "yoda";
user = "${user}";
#group = "smtpd"; # Default: root
permissions = "0400";
uploadAt = "pre-activation";
@ -52,14 +54,14 @@ in
deployment.keys."${name}-ILIAS_PASSWORD" = {
keyFile = ../../secrets/pwd.ilias.uni-marburg.de;
destDir = "/secrets";
user = "yoda";
user = "${user}";
#group = "smtpd"; # Default: root
permissions = "0400";
uploadAt = "pre-activation";
};
# Download notify-change Git repository.
# home-manager.users.yoda = { osConfig, config, pkgs, ... }: {
# home-manager.users."${user}" = { osConfig, config, pkgs, ... }: {
# home.file."${subdir}".source = (builtins.fetchGit {
# url = "https://codeberg.org/privacy1st/selenium-webdriver-ide-demo";
# ref = "changedetection";
@ -87,7 +89,7 @@ in
serviceConfig = {
Type = "oneshot";
PrivateTmp = true;
User = "yoda";
User = "${user}";
};
path = [
pkgs.bash # todo
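Review bot: `fulldir = "/home/${user}/${subdir}";` still hard-codes the `/home/<name>` layout, so the path follows the option only as long as the account's home directory is never set elsewhere; taking it from the account definition, `fulldir = "${config.users.users.${user}.home}/${subdir}";`, keeps the service path and the account in step. The same applies to the `docker compose -f /home/${user}/...` script line in the BikeTripPlanner section that follows, where the value is also spliced unquoted into a shell script. In the `deployment.keys` entries and in `serviceConfig`, `user = "${user}";` interpolates a value that is already a string; `inherit user;` and `User = user;` say the same thing more directly. The `let … in` body continues outside the visible hunks.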


@ -1,4 +1,7 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
imports = [
../../modules/headless.nix
@ -13,7 +16,7 @@
];
# Download BikeTripPlanner Git repository.
home-manager.users."yoda" = { osConfig, config, pkgs, ... }: {
home-manager.users."${user}" = { osConfig, config, pkgs, ... }: {
home.file."readonly-git/BikeTripPlanner".source = (builtins.fetchGit {
url = "https://github.com/langbein-daniel/BikeTripPlanner";
#rev = "6d4daf18235189825b0c314901b1617ece6d8641";
@ -31,7 +34,7 @@
docker
];
script = ''
docker compose -f /home/yoda/readonly-git/BikeTripPlanner/deployment/btp-only.yml up -d --wait
docker compose -f /home/${user}/readonly-git/BikeTripPlanner/deployment/btp-only.yml up -d --wait
'';
# Start after login.
wantedBy = [ "multi-user.target" ];


@ -1,10 +1,13 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
# adb and fastboot
# https://nixos.wiki/wiki/Android#adb_setup
programs.adb.enable = true;
users.users."yoda".extraGroups = [ "adbusers" "plugdev" ];
users.users."${user}".extraGroups = [ "adbusers" "plugdev" ];
# plugdev group: https://developer.android.com/studio/run/device
# How to add user to new group: https://superuser.com/a/1352988


@ -1,6 +1,11 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
imports = [
./base-user.nix
# Filesystem settings.
./btrfsFileSystems.nix
./btrfsMounts.nix
@ -51,9 +56,9 @@
# Define a user account.
# Don't forget to set a password with `passwd`.
users.users."yoda" = {
users.users."${user}" = {
isNormalUser = true;
description = "Yoda";
description = "${user}";
extraGroups = [ "wheel" ];
};
@ -74,7 +79,7 @@
# Options only for build.system.vm - they wont get applied when building build.system.toplevel aka the normal system config.
# https://discourse.nixos.org/t/wayland-compositors-an-build-vm-not-working/46486/2
virtualisation.vmVariant = {
users.users."yoda".initialPassword = "asdf";
users.users."${user}".initialPassword = "asdf";
virtualisation.qemu.options = [
"-device virtio-vga-gl"
"-display sdl,gl=on,show-cursor=off"
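Review bot: `users.users."${user}".initialPassword = "asdf";` has no comment saying why a fixed password is acceptable here, and the account it applies to is in `wheel` according to the hunk above. I would add a comment on that line such as `# VM-only throwaway credential: the value is readable in the Nix store, never move this out of vmVariant.` The `virtualisation.vmVariant` block continues past the end of the hunk, so whether anything else in it exposes the VM to a network is not visible here.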

16
modules/base-user.nix Normal file

@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }:
let
defaultUsername = "yoda";
in
{
options.yoda.user = lib.mkOption {
# You can find the exhaustive list of types here: https://nlewo.github.io/nixos-manual-sphinx/development/option-types.xml.html
type = lib.types.str;
default = defaultUsername;
description = "Username of the primary Linux user account. Must not include regex special characters.";
};
config = {
yoda.user = defaultUsername;
};
}
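Review bot: The `config = { yoda.user = defaultUsername; };` block defines the option at normal priority with the same value it already has as `default`, which is redundant and, as far as I can tell, prevents the per-host override this option exists for. `lib.types.str` does not merge two differing definitions, so a host that sets `yoda.user = "other";` would fail with a conflicting-definitions error unless it uses `lib.mkForce`. Dropping the `config` block, or writing `yoda.user = lib.mkDefault defaultUsername;`, leaves `default` to do its job and keeps the value overridable.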


@ -1,4 +1,7 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
imports = [
./base-minimal.nix
@ -14,7 +17,7 @@
# Shell settings.
./bash.nix # bash settings.
./zsh.nix # zsh as default shell for yoda and root.
./zsh.nix # zsh as default shell for $user and root.
./fzf.nix # Fuzzy command history and file search.
# nixpkgs config
@ -32,7 +35,7 @@
# Enable networking.
networking.networkmanager.enable = true;
#
users.users."yoda" = {
users.users."${user}" = {
extraGroups = [ "networkmanager" ];
};


@ -1,6 +1,9 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
dosbox-x # Virtual machines with DOS-based Windows such as Windows 3.x and Windows 9x
];


@ -1,6 +1,9 @@
{ lib, config, pkgs, ... }:
let
user = config.yoda.user;
in
{
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
file-roller # Archive manager: Compress and decompress
lz4 # Add support to extract lz4 archives


@ -1,4 +1,7 @@
{ config, pkgs, lib, ... }:
let
user = config.yoda.user;
in
{
# NixOS general:
# https://github.com/NixOS/nixpkgs/tree/nixos-23.11/pkgs/games/
@ -42,7 +45,7 @@
"dotnet-sdk-6.0.428"
];
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
#
# Sandbox


@ -1,6 +1,9 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
#gnome.gnome-terminal # Terminal emulator
nautilus-open-any-terminal # For Nautilus (GNOME files) integration
@ -10,7 +13,7 @@
# For Nautilus (GNOME files) integration
programs.dconf.enable = true;
home-manager.users."yoda" = { osConfig, config, pkgs, ... }: {
home-manager.users."${user}" = { osConfig, config, pkgs, ... }: {
dconf.settings = {
# For Nautilus (GNOME files) integration
"com/github/stunkymonkey/nautilus-open-any-terminal" = {
@ -21,7 +24,7 @@
programs.gnome-terminal.enable = true;
programs.gnome-terminal.profile."74b90a31-5123-4a64-91a3-3cb31eb5cdb6" = {
default = true;
visibleName = "Yoda's Terminal";
visibleName = "${user}'s terminal";
font = "DejaVu Sans Mono 11";
audibleBell = false;


@ -40,12 +40,14 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
stopped-service-consumption-summary = ''
\S+\.(service|scope|slice|swap|mount): Consumed ([0-9]+d )?([0-9]+h )?([0-9]+min )?[0-9\.]+(s|ms) CPU time(, .+)?\.'';
sshd-log = ''
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: ED25519 SHA256:\S+
Accepted publickey for (root|${user}) from \S+ port \S+ ssh2: ED25519 SHA256:\S+
# TODO: Change RSA key of yodaHedgehog to ED25519
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
Accepted publickey for (root|${user}) from \S+ port \S+ ssh2: RSA SHA256:\S+
pam_unix\(sshd:session\): session opened for user \S+ by \S+
Received disconnect from \S+ port \S+:11: disconnected by user
Disconnected from user \S+ \S+ port \S+
@ -61,16 +63,16 @@ let
Invalid user \S+ from \S+ port \S+
Disconnected from \S+ port \S+ \[preauth\]
Disconnected from invalid user \S+ \S+ port \S+ \[preauth\]
Disconnected from authenticating user (root|yoda) \S+ port \S+ \[preauth\]
Disconnected from authenticating user (root|${user}) \S+ port \S+ \[preauth\]
Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\]
Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\]
Connection reset by invalid user \S+ \S+ port \S+ \[preauth\]
Connection reset by authenticating user (root|yoda) \S+ port \S+ \[preauth\]
Connection reset by authenticating user (root|${user}) \S+ port \S+ \[preauth\]
Connection reset by \S+ port \S+ \[preauth\]
Connection reset by \S+ port \S+
Connection closed by \S+ port \S+
Connection closed by \S+ port \S+ \[preauth\]
Connection closed by authenticating user (root|yoda) \S+ port \S+ \[preauth\]
Connection closed by authenticating user (root|${user}) \S+ port \S+ \[preauth\]
Connection closed by invalid user \S+ \S+ port \S+ \[preauth\]
error: kex_exchange_identification: banner line contains invalid characters
error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*"
@ -743,7 +745,7 @@ in
Created slice User Application Slice\.
Queued start job for default target Main User Target\.
pam_unix\(systemd-user:session\): session opened for user root\(uid=0\) by \(uid=0\)
pam_unix\(systemd-user:session\): session closed for user (root|yoda)
pam_unix\(systemd-user:session\): session closed for user (root|${user})
Reload requested from client PID [0-9]+ \('systemctl'\)\.\.\.
Reexecution requested from client PID [0-9]+ \('switch-to-confi'\)\.\.\.
Reexecuting\.
@ -772,7 +774,7 @@ in
Finished loading, compiling and executing [0-9]+ rules
#
Registered Authentication Agent for unix-process:[0-9]+:[0-9]+ \(system bus name :[0-9\.]+ \[/run/current-system/sw/bin/pkttyagent --notify-fd 5 --fallback\], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\)
Operator of unix-process:[0-9]+:[0-9]+ successfully authenticated as unix-user:yoda to gain ONE-SHOT authorization for action org\.freedesktop\.systemd1\.manage-units for system-bus-name::[0-9\.]+ \[systemctl start journalwatch\.service\] \(owned by unix-user:yoda\)
Operator of unix-process:[0-9]+:[0-9]+ successfully authenticated as unix-user:${user} to gain ONE-SHOT authorization for action org\.freedesktop\.systemd1\.manage-units for system-bus-name::[0-9\.]+ \[systemctl start journalwatch\.service\] \(owned by unix-user:${user}\)
Unregistered Authentication Agent for unix-process:[0-9]+:[0-9]+ \(system bus name :[0-9\.]+, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) \(disconnected from bus\)
Unregistered Authentication Agent for unix-process:unknown \(system bus name :[0-9\.]+, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) \(disconnected from bus\)
'';
@ -843,10 +845,10 @@ in
}
{
filters = ''
pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\)
pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (${user})?\(uid=[0-9]+\)
pam_unix\(sudo:session\): session closed for user root
# yodaTux. If the user `yoda` runs a command with `sudo`.
\s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+
# yodaTux. If the user `${user}` runs a command with `sudo`.
\s+${user} : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+
# yodaNas. If the btrbk service is run.
\s+btrbk : PWD=/ ; USER=root ; COMMAND=/.+
\s+root : PWD=(/|/root) ; USER=root ; COMMAND=(/run/current-system/sw|/nix/store/[a-z0-9]+-btrfs-progs-[0-9\.]+)/bin/btrfs (subvolume list|subvolume show|subvolume delete|send|receive) .+
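Review bot: `${user}` is spliced unescaped into what appear to be journalwatch filter patterns (the `sshd-log` lines, the `systemd-user` session line, the polkit line and the `sudo` filters), and those patterns decide which sshd, sudo and polkit journal entries are left out of the report. The only guard is the sentence "Must not include regex special characters" in the option description in modules/base-user.nix, which nothing enforces; a value containing `.` or `|` would silently widen what is suppressed. Either constrain the option with `type = lib.types.strMatching "[a-z_][a-z0-9_-]*";`, or escape at the point of use with `user = lib.escapeRegex config.yoda.user;`, which needs `lib` added to this module's arguments because the visible function head is `{ config, pkgs, ... }:`.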


@ -1,4 +1,7 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
# Garbage collection: Delete generations older than 5 days and then delete unreachable store objects.
@ -12,7 +15,7 @@
# We need to explicitly run garbage collection for user profiles,
# this is not done by the global `nix.gc` option.
home-manager.users."yoda" = { osConfig, config, pkgs, ... }: {
home-manager.users."${user}" = { osConfig, config, pkgs, ... }: {
nix.gc = {
automatic = true;
frequency = "weekly";


@ -1,4 +1,7 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
imports = [
./vlc-dvd-blu-ray.nix
@ -6,7 +9,7 @@
./signal-desktop.nix
];
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
#zenith # Terminal resource monitor / task manager
btop # Terminal resource monitor / task manager


@ -1,4 +1,7 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
imports = [
./file-roller.nix # Archive manager: Compress and decompress
@ -7,7 +10,7 @@
#./blackbox.nix # Terminal emulator.
];
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
gnome-tweaks
dconf-editor


@ -1,10 +1,13 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
imports = [
./thunderbird.nix # email
];
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
#
# CLI apps


@ -1,13 +1,16 @@
{ config, pkgs, lib, ... }:
let
user = config.yoda.user;
in
{
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
unstable.rnote # Handwritten notes
];
};
programs.dconf.enable = true;
home-manager.users."yoda" = { osConfig, config, pkgs, lib, ... }: {
home-manager.users."${user}" = { osConfig, config, pkgs, lib, ... }: {
dconf.settings = {
"org/gnome/shell" = {
favorite-apps = lib.mkIf (osConfig.networking.hostName == "yodaTab") ["com.github.flxzt.rnote.desktop"];


@ -1,4 +1,7 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
# Sync files between devices
#
@ -9,12 +12,12 @@
# services = {
# syncthing = {
# enable = true;
# user = "yoda";
# user = "${user}";
# };
# };
# We run Syncthing as user service.
home-manager.users."yoda" = { osConfig, config, pkgs, ... }: {
home-manager.users."${user}" = { osConfig, config, pkgs, ... }: {
services.syncthing = {
enable = true;
};


@ -1,5 +1,7 @@
{ config, pkgs, lib, ... }:
let
user = config.yoda.user;
# TODO: trim whitespaces from string
email-uni-marburg = (builtins.readFile ../secrets/email-uni-marburg);
in
@ -8,7 +10,7 @@ in
# https://github.com/dr460nf1r3/dr460nixed/blob/main/home-manager/email.nix
# https://github.com/yurrriq/dotfiles/blob/main/machines/nixps/home.nix
home-manager.users."yoda" = { osConfig, config, pkgs, ... }: {
home-manager.users."${user}" = { osConfig, config, pkgs, ... }: {
accounts.email.accounts = {
"personal" = {
address = "daniel@systemli.org";


@ -1,6 +1,9 @@
{ config, pkgs, lib, ... }:
let
user = config.yoda.user;
in
{
users.users."yoda" = {
users.users."${user}" = {
packages = with pkgs; [
tor-browser-bundle-bin # Tor web browser.
];


@ -1,11 +1,14 @@
{ config, pkgs, ... }:
let
user = config.yoda.user;
in
{
# See also: boxes.nix
# libvirt is a dependency of Virt-manager
# https://nixos.wiki/wiki/Libvirt
virtualisation.libvirtd.enable = true;
users.users."yoda".extraGroups = [ "libvirtd" ];
users.users."${user}".extraGroups = [ "libvirtd" ];
# Required for USB redirection to work with GNOME boxes. Maybe this is also required for virt-Manager?
# See
@ -18,7 +21,7 @@
# TODO: nixpkgs virtio-win
programs.virt-manager.enable = true;
programs.dconf.enable = true;
home-manager.users."yoda" = { osConfig, config, pkgs, ... }: {
home-manager.users."${user}" = { osConfig, config, pkgs, ... }: {
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];