From 7fa6af56b3d8c8933be0138a680cce166dd8f5fd Mon Sep 17 00:00:00 2001 From: Daniel Langbein Date: Sun, 30 Mar 2025 13:27:21 +0200 Subject: [PATCH] define primary Linux username in base-user.nix --- hosts/pi3bplus/configuration.nix | 7 +++++-- hosts/yodaNas/notify-change.nix | 18 ++++++++++-------- hosts/yodaYoga/BikeTripPlanner.nix | 7 +++++-- modules/android.nix | 5 ++++- modules/base-minimal.nix | 11 ++++++++--- modules/base-user.nix | 16 ++++++++++++++++ modules/base.nix | 7 +++++-- modules/dosbox-x.nix | 5 ++++- modules/file-roller.nix | 5 ++++- modules/games.nix | 5 ++++- modules/gnome-terminal.nix | 9 ++++++--- modules/journalwatch.nix | 22 ++++++++++++---------- modules/nix-gc.nix | 5 ++++- modules/programs-base.nix | 5 ++++- modules/programs-gnome.nix | 5 ++++- modules/programs.nix | 5 ++++- modules/rnote.nix | 7 +++++-- modules/syncthing.nix | 7 +++++-- modules/thunderbird.nix | 4 +++- modules/tor-browser.nix | 5 ++++- modules/virt-manager.nix | 7 +++++-- 21 files changed, 121 insertions(+), 46 deletions(-) create mode 100644 modules/base-user.nix diff --git a/hosts/pi3bplus/configuration.nix b/hosts/pi3bplus/configuration.nix index 7e33ab0..3f94658 100644 --- a/hosts/pi3bplus/configuration.nix +++ b/hosts/pi3bplus/configuration.nix @@ -1,4 +1,7 @@ { config, pkgs, lib, ... }: +let + user = config.yoda.user; +in { imports = [ # Include the results of the hardware scan. @@ -45,9 +48,9 @@ }; # Define a user account. Don't forget to set a password with 'passwd'. - users.users."yoda" = { + users.users."${user}" = { isNormalUser = true; - description = "Yoda"; + description = "${user}"; extraGroups = [ "wheel" ]; # Enable 'sudo' for the user. }; diff --git a/hosts/yodaNas/notify-change.nix b/hosts/yodaNas/notify-change.nix index 5d730d6..a074048 100644 --- a/hosts/yodaNas/notify-change.nix +++ b/hosts/yodaNas/notify-change.nix 
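Review bot: `user = config.yoda.user;` in hosts/pi3bplus/configuration.nix only evaluates if this host imports modules/base-user.nix, and the `imports` list continues outside the hunk, so that cannot be confirmed from here. This host declares the account itself rather than inheriting it, which suggests it may not import modules/base-minimal.nix. If so, add `../../modules/base-user.nix` to its `imports`, otherwise evaluation fails on the undeclared option. Also note that `description = "${user}";` changes the visible account description from "Yoda" to the lower-case login name.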
@@ -1,8 +1,10 @@ { config, pkgs, ...}: let + user = config.yoda.user; + name = "notify-change"; subdir = "readonly-git/notify-change"; - fulldir = "/home/yoda/${subdir}"; + fulldir = "/home/${user}/${subdir}"; jdk = pkgs.jdk23; gradle = pkgs.gradle.override { @@ -16,7 +18,7 @@ in # comma-separated list of email addresses keyFile = ../../secrets/${name}-email-recipients; destDir = "/secrets"; - user = "yoda"; + user = "${user}"; #group = "smtpd"; # Default: root permissions = "0400"; uploadAt = "pre-activation"; @@ -25,7 +27,7 @@ in deployment.keys."${name}-EMAIL_USER" = { keyFile = ../../secrets/user.web.de; destDir = "/secrets"; - user = "yoda"; + user = "${user}"; #group = "smtpd"; # Default: root permissions = "0400"; uploadAt = "pre-activation"; @@ -34,7 +36,7 @@ in deployment.keys."${name}-EMAIL_PASSWORD" = { keyFile = ../../secrets/pwd.web.de; destDir = "/secrets"; - user = "yoda"; + user = "${user}"; #group = "smtpd"; # Default: root permissions = "0400"; uploadAt = "pre-activation"; @@ -43,7 +45,7 @@ in deployment.keys."${name}-ILIAS_USER" = { keyFile = ../../secrets/user.ilias.uni-marburg.de; destDir = "/secrets"; - user = "yoda"; + user = "${user}"; #group = "smtpd"; # Default: root permissions = "0400"; uploadAt = "pre-activation"; @@ -52,14 +54,14 @@ in deployment.keys."${name}-ILIAS_PASSWORD" = { keyFile = ../../secrets/pwd.ilias.uni-marburg.de; destDir = "/secrets"; - user = "yoda"; + user = "${user}"; #group = "smtpd"; # Default: root permissions = "0400"; uploadAt = "pre-activation"; }; # Download notify-change Git repository. -# home-manager.users.yoda = { osConfig, config, pkgs, ... }: { +# home-manager.users."${user}" = { osConfig, config, pkgs, ... }: { # home.file."${subdir}".source = (builtins.fetchGit { # url = "https://codeberg.org/privacy1st/selenium-webdriver-ide-demo"; # ref = "changedetection"; @@ -87,7 +89,7 @@ in serviceConfig = { Type = "oneshot"; PrivateTmp = true; - User = "yoda"; + User = "${user}"; }; path = [ pkgs.bash # todo 
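Review bot: `fulldir = "/home/${user}/${subdir}";` still hard-codes the `/home` prefix, so the path follows the new option only while the account keeps the default home directory. Reading it from the account definition, `fulldir = "${config.users.users.${user}.home}/${subdir}";`, keeps the service path, the secrets' owner and the user definition in step. The same likely applies to the `docker compose -f /home/${user}/...` line in hosts/yodaYoga/BikeTripPlanner.nix. As a style point, `user = "${user}";` in the `deployment.keys` entries can be written `inherit user;`.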
diff --git a/hosts/yodaYoga/BikeTripPlanner.nix b/hosts/yodaYoga/BikeTripPlanner.nix index dff878d..e2c1da6 100644 --- a/hosts/yodaYoga/BikeTripPlanner.nix +++ b/hosts/yodaYoga/BikeTripPlanner.nix @@ -1,4 +1,7 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { imports = [ ../../modules/headless.nix @@ -13,7 +16,7 @@ ]; # Download BikeTripPlanner Git repository. - home-manager.users."yoda" = { osConfig, config, pkgs, ... }: { + home-manager.users."${user}" = { osConfig, config, pkgs, ... }: { home.file."readonly-git/BikeTripPlanner".source = (builtins.fetchGit { url = "https://github.com/langbein-daniel/BikeTripPlanner"; #rev = "6d4daf18235189825b0c314901b1617ece6d8641"; @@ -31,7 +34,7 @@ docker ]; script = '' - docker compose -f /home/yoda/readonly-git/BikeTripPlanner/deployment/btp-only.yml up -d --wait + docker compose -f /home/${user}/readonly-git/BikeTripPlanner/deployment/btp-only.yml up -d --wait ''; # Start after login. wantedBy = [ "multi-user.target" ]; diff --git a/modules/android.nix b/modules/android.nix index 866cf3f..bf37f3b 100644 --- a/modules/android.nix +++ b/modules/android.nix @@ -1,10 +1,13 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { # adb and fastboot # https://nixos.wiki/wiki/Android#adb_setup programs.adb.enable = true; - users.users."yoda".extraGroups = [ "adbusers" "plugdev" ]; + users.users."${user}".extraGroups = [ "adbusers" "plugdev" ]; # plugdev group: https://developer.android.com/studio/run/device # How to add user to new group: https://superuser.com/a/1352988 diff --git a/modules/base-minimal.nix b/modules/base-minimal.nix index 7bcad62..75ed6b1 100644 --- a/modules/base-minimal.nix +++ b/modules/base-minimal.nix @@ -1,6 +1,11 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { imports = [ + ./base-user.nix + # Filesystem settings. ./btrfsFileSystems.nix ./btrfsMounts.nix 
@@ -51,9 +56,9 @@ # Define a user account. # Don't forget to set a password with `passwd`. - users.users."yoda" = { + users.users."${user}" = { isNormalUser = true; - description = "Yoda"; + description = "${user}"; extraGroups = [ "wheel" ]; }; @@ -74,7 +79,7 @@ # Options only for build.system.vm - they won’t get applied when building build.system.toplevel aka the normal system config. # https://discourse.nixos.org/t/wayland-compositors-an-build-vm-not-working/46486/2 virtualisation.vmVariant = { - users.users."yoda".initialPassword = "asdf"; + users.users."${user}".initialPassword = "asdf"; virtualisation.qemu.options = [ "-device virtio-vga-gl" "-display sdl,gl=on,show-cursor=off" diff --git a/modules/base-user.nix b/modules/base-user.nix new file mode 100644 index 0000000..58bb3de --- /dev/null +++ b/modules/base-user.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: +let + defaultUsername = "yoda"; +in +{ + options.yoda.user = lib.mkOption { + # You can find the exhaustive list of types here: https://nlewo.github.io/nixos-manual-sphinx/development/option-types.xml.html + type = lib.types.str; + default = defaultUsername; + description = "Username of the primary Linux user account. Must not include regex special characters."; + }; + + config = { + yoda.user = defaultUsername; + }; +} diff --git a/modules/base.nix b/modules/base.nix index bccb736..739d0dd 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -1,4 +1,7 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { imports = [ ./base-minimal.nix @@ -14,7 +17,7 @@ # Shell settings. ./bash.nix # bash settings. - ./zsh.nix # zsh as default shell for yoda and root. + ./zsh.nix # zsh as default shell for $user and root. ./fzf.nix # Fuzzy command history and file search. # nixpkgs config @@ -32,7 +35,7 @@ # Enable networking. networking.networkmanager.enable = true; # - users.users."yoda" = { + users.users."${user}" = { extraGroups = [ "networkmanager" ]; }; 
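Review bot: The `config = { yoda.user = defaultUsername; };` block in modules/base-user.nix defines the option at normal priority, in the same module that already declares `default = defaultUsername`. A host that sets `yoda.user` to a different name would then have two conflicting definitions of a `types.str` option and would probably fail evaluation unless it uses `lib.mkForce`. Dropping the `config` block, or writing `yoda.user = lib.mkDefault defaultUsername;`, keeps the option overridable, which is the point of introducing it.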
diff --git a/modules/dosbox-x.nix b/modules/dosbox-x.nix index fcf9947..d116f4c 100644 --- a/modules/dosbox-x.nix +++ b/modules/dosbox-x.nix @@ -1,6 +1,9 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ dosbox-x # Virtual machines with DOS-based Windows such as Windows 3.x and Windows 9x ]; diff --git a/modules/file-roller.nix b/modules/file-roller.nix index a57d5d3..1cd5d45 100644 --- a/modules/file-roller.nix +++ b/modules/file-roller.nix @@ -1,6 +1,9 @@ { lib, config, pkgs, ... }: +let + user = config.yoda.user; +in { - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ file-roller # Archive manager: Compress and decompress lz4 # Add support to extract lz4 archives diff --git a/modules/games.nix b/modules/games.nix index 8b4439e..c46fe60 100644 --- a/modules/games.nix +++ b/modules/games.nix @@ -1,4 +1,7 @@ { config, pkgs, lib, ... }: +let + user = config.yoda.user; +in { # NixOS general: # https://github.com/NixOS/nixpkgs/tree/nixos-23.11/pkgs/games/ @@ -42,7 +45,7 @@ "dotnet-sdk-6.0.428" ]; - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ # # Sandbox diff --git a/modules/gnome-terminal.nix b/modules/gnome-terminal.nix index 8a0c732..4844d2c 100644 --- a/modules/gnome-terminal.nix +++ b/modules/gnome-terminal.nix @@ -1,6 +1,9 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ #gnome.gnome-terminal # Terminal emulator nautilus-open-any-terminal # For Nautilus (GNOME files) integration @@ -10,7 +13,7 @@ # For Nautilus (GNOME files) integration programs.dconf.enable = true; - home-manager.users."yoda" = { osConfig, config, pkgs, ... }: { + home-manager.users."${user}" = { osConfig, config, pkgs, ... }: { dconf.settings = { # For Nautilus (GNOME files) integration "com/github/stunkymonkey/nautilus-open-any-terminal" = { 
@@ -21,7 +24,7 @@ programs.gnome-terminal.enable = true; programs.gnome-terminal.profile."74b90a31-5123-4a64-91a3-3cb31eb5cdb6" = { default = true; - visibleName = "Yoda's Terminal"; + visibleName = "${user}'s terminal"; font = "DejaVu Sans Mono 11"; audibleBell = false; diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix index 4d58cf2..77a4723 100644 --- a/modules/journalwatch.nix +++ b/modules/journalwatch.nix @@ -40,12 +40,14 @@ { config, pkgs, ... }: let + user = config.yoda.user; + stopped-service-consumption-summary = '' \S+\.(service|scope|slice|swap|mount): Consumed ([0-9]+d )?([0-9]+h )?([0-9]+min )?[0-9\.]+(s|ms) CPU time(, .+)?\.''; sshd-log = '' - Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: ED25519 SHA256:\S+ + Accepted publickey for (root|${user}) from \S+ port \S+ ssh2: ED25519 SHA256:\S+ # TODO: Change RSA key of yodaHedgehog to ED25519 - Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+ + Accepted publickey for (root|${user}) from \S+ port \S+ ssh2: RSA SHA256:\S+ pam_unix\(sshd:session\): session opened for user \S+ by \S+ Received disconnect from \S+ port \S+:11: disconnected by user Disconnected from user \S+ \S+ port \S+ 
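Review bot: `${user}` is spliced unescaped into the journalwatch filter regexes, starting with `Accepted publickey for (root|${user})` in this hunk of modules/journalwatch.nix and again in the later hunks (the `[preauth]` lines, `session closed for user`, the polkit line and the sudo filters). These patterns appear to select journal lines that are left out of the report, so a username containing a regex metacharacter such as `.` would widen the match and could hide log lines for other accounts. The option description in modules/base-user.nix asks for no regex special characters, but `lib.types.str` does not enforce it. Either declare the option as `type = lib.types.strMatching "[a-z_][a-z0-9_-]*";` or bind `user = lib.escapeRegex config.yoda.user;` here, which needs `lib` added to the module arguments.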
@@ -61,16 +63,16 @@ let Invalid user \S+ from \S+ port \S+ Disconnected from \S+ port \S+ \[preauth\] Disconnected from invalid user \S+ \S+ port \S+ \[preauth\] - Disconnected from authenticating user (root|yoda) \S+ port \S+ \[preauth\] + Disconnected from authenticating user (root|${user}) \S+ port \S+ \[preauth\] Received disconnect from \S+ port \S+:11: Client disconnecting normally \[preauth\] Received disconnect from \S+ port \S+:11: Bye Bye \[preauth\] Connection reset by invalid user \S+ \S+ port \S+ \[preauth\] - Connection reset by authenticating user (root|yoda) \S+ port \S+ \[preauth\] + Connection reset by authenticating user (root|${user}) \S+ port \S+ \[preauth\] Connection reset by \S+ port \S+ \[preauth\] Connection reset by \S+ port \S+ Connection closed by \S+ port \S+ Connection closed by \S+ port \S+ \[preauth\] - Connection closed by authenticating user (root|yoda) \S+ port \S+ \[preauth\] + Connection closed by authenticating user (root|${user}) \S+ port \S+ \[preauth\] Connection closed by invalid user \S+ \S+ port \S+ \[preauth\] error: kex_exchange_identification: banner line contains invalid characters error: kex_exchange_identification: client sent invalid protocol identifier "[^"]*" @@ -743,7 +745,7 @@ in Created slice User Application Slice\. Queued start job for default target Main User Target\. pam_unix\(systemd-user:session\): session opened for user root\(uid=0\) by \(uid=0\) - pam_unix\(systemd-user:session\): session closed for user (root|yoda) + pam_unix\(systemd-user:session\): session closed for user (root|${user}) Reload requested from client PID [0-9]+ \('systemctl'\)\.\.\. Reexecution requested from client PID [0-9]+ \('switch-to-confi'\)\.\.\. Reexecuting\. 
@@ -772,7 +774,7 @@ in Finished loading, compiling and executing [0-9]+ rules # Registered Authentication Agent for unix-process:[0-9]+:[0-9]+ \(system bus name :[0-9\.]+ \[/run/current-system/sw/bin/pkttyagent --notify-fd 5 --fallback\], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) - Operator of unix-process:[0-9]+:[0-9]+ successfully authenticated as unix-user:yoda to gain ONE-SHOT authorization for action org\.freedesktop\.systemd1\.manage-units for system-bus-name::[0-9\.]+ \[systemctl start journalwatch\.service\] \(owned by unix-user:yoda\) + Operator of unix-process:[0-9]+:[0-9]+ successfully authenticated as unix-user:${user} to gain ONE-SHOT authorization for action org\.freedesktop\.systemd1\.manage-units for system-bus-name::[0-9\.]+ \[systemctl start journalwatch\.service\] \(owned by unix-user:${user}\) Unregistered Authentication Agent for unix-process:[0-9]+:[0-9]+ \(system bus name :[0-9\.]+, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) \(disconnected from bus\) Unregistered Authentication Agent for unix-process:unknown \(system bus name :[0-9\.]+, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8\) \(disconnected from bus\) ''; 
@@ -843,10 +845,10 @@ in } { filters = '' - pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\) + pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (${user})?\(uid=[0-9]+\) pam_unix\(sudo:session\): session closed for user root - # yodaTux. If the user `yoda` runs a command with `sudo`. - \s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+ + # yodaTux. If the user `${user}` runs a command with `sudo`. + \s+${user} : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+ # yodaNas. If the btrbk service is run. \s+btrbk : PWD=/ ; USER=root ; COMMAND=/.+ \s+root : PWD=(/|/root) ; USER=root ; COMMAND=(/run/current-system/sw|/nix/store/[a-z0-9]+-btrfs-progs-[0-9\.]+)/bin/btrfs (subvolume list|subvolume show|subvolume delete|send|receive) .+ diff --git a/modules/nix-gc.nix b/modules/nix-gc.nix index 62cf50f..99f43d9 100644 --- a/modules/nix-gc.nix +++ b/modules/nix-gc.nix @@ -1,4 +1,7 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { # Garbage collection: Delete generations older than 5 days and then delete unreachable store objects. @@ -12,7 +15,7 @@ # We need to explicitly run garbage collection for user profiles, # this is not done by the global `nix.gc` option. - home-manager.users."yoda" = { osConfig, config, pkgs, ... }: { + home-manager.users."${user}" = { osConfig, config, pkgs, ... }: { nix.gc = { automatic = true; frequency = "weekly"; diff --git a/modules/programs-base.nix b/modules/programs-base.nix index 38fd643..55f22bc 100644 --- a/modules/programs-base.nix +++ b/modules/programs-base.nix @@ -1,4 +1,7 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { imports = [ ./vlc-dvd-blu-ray.nix @@ -6,7 +9,7 @@ ./signal-desktop.nix ]; - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ #zenith # Terminal resource monitor / task manager btop # Terminal resource monitor / task manager 
diff --git a/modules/programs-gnome.nix b/modules/programs-gnome.nix index de6a079..c3d7d94 100644 --- a/modules/programs-gnome.nix +++ b/modules/programs-gnome.nix @@ -1,4 +1,7 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { imports = [ ./file-roller.nix # Archive manager: Compress and decompress @@ -7,7 +10,7 @@ #./blackbox.nix # Terminal emulator. ]; - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ gnome-tweaks dconf-editor diff --git a/modules/programs.nix b/modules/programs.nix index 41a4102..68e75e7 100644 --- a/modules/programs.nix +++ b/modules/programs.nix @@ -1,10 +1,13 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { imports = [ ./thunderbird.nix # email ]; - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ # # CLI apps diff --git a/modules/rnote.nix b/modules/rnote.nix index d307925..dce501d 100644 --- a/modules/rnote.nix +++ b/modules/rnote.nix @@ -1,13 +1,16 @@ { config, pkgs, lib, ... }: +let + user = config.yoda.user; +in { - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ unstable.rnote # Handwritten notes ]; }; programs.dconf.enable = true; - home-manager.users."yoda" = { osConfig, config, pkgs, lib, ... }: { + home-manager.users."${user}" = { osConfig, config, pkgs, lib, ... }: { dconf.settings = { "org/gnome/shell" = { favorite-apps = lib.mkIf (osConfig.networking.hostName == "yodaTab") ["com.github.flxzt.rnote.desktop"]; diff --git a/modules/syncthing.nix b/modules/syncthing.nix index ba03e54..b7d79a3 100644 --- a/modules/syncthing.nix +++ b/modules/syncthing.nix @@ -1,4 +1,7 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { # Sync files between devices # 
@@ -9,12 +12,12 @@ # services = { # syncthing = { # enable = true; -# user = "yoda"; +# user = "${user}"; # }; # }; # We run Syncthing as user service. - home-manager.users."yoda" = { osConfig, config, pkgs, ... }: { + home-manager.users."${user}" = { osConfig, config, pkgs, ... }: { services.syncthing = { enable = true; }; diff --git a/modules/thunderbird.nix b/modules/thunderbird.nix index 22d6c43..e8d5c9b 100644 --- a/modules/thunderbird.nix +++ b/modules/thunderbird.nix @@ -1,5 +1,7 @@ { config, pkgs, lib, ... }: let + user = config.yoda.user; + # TODO: trim whitespaces from string email-uni-marburg = (builtins.readFile ../secrets/email-uni-marburg); in @@ -8,7 +10,7 @@ in # https://github.com/dr460nf1r3/dr460nixed/blob/main/home-manager/email.nix # https://github.com/yurrriq/dotfiles/blob/main/machines/nixps/home.nix - home-manager.users."yoda" = { osConfig, config, pkgs, ... }: { + home-manager.users."${user}" = { osConfig, config, pkgs, ... }: { accounts.email.accounts = { "personal" = { address = "daniel@systemli.org"; diff --git a/modules/tor-browser.nix b/modules/tor-browser.nix index 0de210d..937e8cd 100644 --- a/modules/tor-browser.nix +++ b/modules/tor-browser.nix @@ -1,6 +1,9 @@ { config, pkgs, lib, ... }: +let + user = config.yoda.user; +in { - users.users."yoda" = { + users.users."${user}" = { packages = with pkgs; [ tor-browser-bundle-bin # Tor web browser. ]; diff --git a/modules/virt-manager.nix b/modules/virt-manager.nix index 9b2602d..7b60ecc 100644 --- a/modules/virt-manager.nix +++ b/modules/virt-manager.nix @@ -1,11 +1,14 @@ { config, pkgs, ... }: +let + user = config.yoda.user; +in { # See also: boxes.nix # libvirt is a dependency of Virt-manager # https://nixos.wiki/wiki/Libvirt virtualisation.libvirtd.enable = true; - users.users."yoda".extraGroups = [ "libvirtd" ]; + users.users."${user}".extraGroups = [ "libvirtd" ]; # Required for USB redirection to work with GNOME boxes. Maybe this is also required for virt-Manager? # See 
@@ -18,7 +21,7 @@ # TODO: nixpkgs virtio-win programs.virt-manager.enable = true; programs.dconf.enable = true; - home-manager.users."yoda" = { osConfig, config, pkgs, ... }: { + home-manager.users."${user}" = { osConfig, config, pkgs, ... }: { dconf.settings = { "org/virt-manager/virt-manager/connections" = { autoconnect = ["qemu:///system"];