feat(nixos): Added uid and gid to users

2025-12-30 18:35:28 +05:30
parent 67cc456503
commit 5f243fda02
5 changed files with 54 additions and 39 deletions
--- a/nixos/ryu/configuration.nix
+++ b/nixos/ryu/configuration.nix
@@ -77,6 +77,7 @@
  };

  users.users.${device.user} = {
+    uid = device.uid;
    isNormalUser = true;
    extraGroups = ["wheel" "audio" "i2c" "media" "video" "tss"];
    openssh.authorizedKeys.keyFiles = [
@@ -86,6 +87,10 @@
  };
  users.groups.i2c = {};
  users.groups.media = {};
+  users.groups.${device.user} = {
+    gid = device.gid;
+    members = [device.user];
+  };

  services = {
    devmon.enable = true;
--- a/nixos/ryu/ryu.nix
+++ b/nixos/ryu/ryu.nix
@@ -5,6 +5,7 @@
  config,
  lib,
  modulesPath,
+  device,
  pkgs,
  ...
 }: {
@@ -59,7 +60,7 @@
    NIXOS_OZONE_WL = "1";
  };

-  users.extraUsers.servius.extraGroups = ["libvirtd" "adbusers" "kvm"];
+  users.extraUsers.${device.user}.extraGroups = ["libvirtd" "adbusers" "kvm"];

  boot.extraModprobeConfig = ''
    options kvm_intel nested=1
@@ -133,7 +134,12 @@
  #   options = ["nofail"];
  # };

-  swapDevices = [];
+  swapDevices = [
+    {
+      device = "/var/lib/swapfile";
+      size = 64 * 1024;
+    }
+  ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/nixos/ryu/services/samba.nix
+++ b/nixos/ryu/services/samba.nix
@@ -1,36 +1,30 @@
-{...}: {
-  # services = {
-  #   samba = {
-  #     enable = false;
-  #     openFirewall = true;
-  #     settings = {
-  #       global = {
-  #         "workgroup" = "WORKGROUP";
-  #         "server string" = "smbnix";
-  #         "netbios name" = "smbnix";
-  #         "security" = "user";
-  #         "hosts allow" = "192.168.11. 127.0.0.1 localhost";
-  #         "hosts deny" = "0.0.0.0/0";
-  #         "guest account" = "nobody";
-  #         "map to guest" = "bad user";
-  #       };
-  #
-  #       public = {
-  #         "path" = "/media";
-  #         "browseable" = "yes";
-  #         "read only" = "no";
-  #         "guest ok" = "yes";
-  #         "create mask" = "0644";
-  #         "directory mask" = "0755";
-  #         # "force user" = "username";
-  #         # "force group" = "groupname";
-  #       };
-  #     };
-  #   };
-  #   samba-wsdd = {
-  #     enable = true;
-  #     openFirewall = true;
-  #   };
-  # };
-  networking.firewall.allowPing = true;
+{
+  lib,
+  config,
+  device,
+  ...
+}: {
+  # networking.firewall.allowPing = true;
+  sops = {
+    secrets."nas/password" = {};
+    templates."nas-credentials".content = ''
+      username=${device.user}
+      domain=WORKGROUP
+      password=${config.sops.placeholder."nas/password"}
+    '';
+  };
+  fileSystems."/volumes/nas" = {
+    device = "//tsuba.darksailor.dev/nas";
+    fsType = "cifs";
+
+    options = let
+      options = "nofail,x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+      uid = toString config.users.users.servius.uid;
+      gid = toString config.users.groups.servius.gid;
+      check = lib.asserts.assertMsg (
+        uid != "" && gid != ""
+      ) "User ${device.user} must have uid ang gid set to mount NAS as user.";
+    in
+      lib.optionals check ["${options},credentials=${config.sops.templates."nas-credentials".path},uid=${uid},gid=${gid}"];
+  };
 }