fix: use device.user for trusted users and primary user across configurations

The changes update the configuration to use a `device.user` variable instead of hardcoded usernames like "fs0c131y" and "servius". This makes the configurations more flexible and reusable across different devices. The changes affect nixos configurations for mirai, ryu, and tako, as well as the darwin configuration for kuro, and the deploy.nix file.

The key changes include:
- Replacing hardcoded usernames with `device.user` in trusted-users lists
- Updating system.primaryUser to use `device.user`
- Modifying user definitions to use the device.user variable
- Adjusting deploy configuration to use "servius" as sshUser for tako
- Commenting out some service modules in tako's services/default.nix
uttarayan21
2025-11-27 17:37:02 +05:30
parent bd889f3a5e
commit f9970ce3af
7 changed files with 14 additions and 12 deletions


@@ -1,6 +1,7 @@
{ {
config, config,
pkgs, pkgs,
device,
... ...
}: { }: {
imports = [./services ./homebrew.nix ./programs]; imports = [./services ./homebrew.nix ./programs];
@@ -12,7 +13,7 @@
# ids.gids.nixbld = 30000; # ids.gids.nixbld = 30000;
experimental-features = "nix-command flakes auto-allocate-uids"; experimental-features = "nix-command flakes auto-allocate-uids";
max-jobs = 8; max-jobs = 8;
trusted-users = ["root" "fs0c131y"]; trusted-users = ["root" device.user];
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
# "https://sh.darksailor.dev" # "https://sh.darksailor.dev"
@@ -58,7 +59,7 @@
# services.nix-daemon.enable = true; # services.nix-daemon.enable = true;
system.stateVersion = 5; system.stateVersion = 5;
system.primaryUser = "fs0c131y"; system.primaryUser = device.user;
system.keyboard.enableKeyMapping = true; system.keyboard.enableKeyMapping = true;
system.keyboard.remapCapsLockToControl = true; system.keyboard.remapCapsLockToControl = true;
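Review bot: `trusted-users = ["root" device.user];` turns the value of `device.user` into a privilege grant, since a trusted Nix user is effectively root-equivalent towards the daemon (it can add substituters and import unsigned store paths). Where `device` is defined is not visible on this page, so a comment at this line would help the next reader: `# device.user is granted nix-daemon trust; set it only in the per-host device definition`. The same applies to the `trusted-users` lines in the three NixOS sections below and to `users.users.${device.user}`, which also carries `wheel` and `docker`. An assertion that `device.user` is a non-empty string would turn a missing value into a clear evaluation error instead of a confusing one.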


@@ -31,7 +31,7 @@
tako = { tako = {
hostname = "tako.darksailor.dev"; hostname = "tako.darksailor.dev";
profiles.system = { profiles.system = {
sshUser = "root"; sshUser = "servius";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.tako; path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.tako;
user = "root"; user = "root";
}; };
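Review bot: `sshUser = "servius";` next to `user = "root";` means activation has to elevate from the SSH account to root on tako. The deploy therefore depends on that account having sudo rights there, and most likely on it being a trusted Nix user so that the copied closure is accepted; neither is visible in this section. The name is also still a string literal in a commit whose purpose is to replace literals with `device.user`, so it can drift from the user the host configuration actually creates. I would add a comment above the line, for example `# must match tako's device.user; needs sudo to root and nix trusted-users on the target`.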


@@ -42,7 +42,7 @@
cores = 8; cores = 8;
auto-optimise-store = true; auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids"; extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "fs0c131y" "remotebuilder"]; trusted-users = ["root" device.user "remotebuilder"];
trusted-substituters = [ trusted-substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org" "https://nixos-raspberrypi.cachix.org"
@@ -69,7 +69,7 @@
distributedBuilds = true; distributedBuilds = true;
}; };
users.users.fs0c131y = { users.users.${device.user} = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel" "docker" "media"]; extraGroups = ["wheel" "docker" "media"];
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = [


@@ -43,7 +43,7 @@
cores = 24; cores = 24;
auto-optimise-store = true; auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids"; extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "servius"]; trusted-users = ["root" device.user];
trusted-substituters = [ trusted-substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org" "https://nixos-raspberrypi.cachix.org"
@@ -70,6 +70,7 @@
package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32 package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
buildMachines = [ buildMachines = [
../../builders/tako.nix ../../builders/tako.nix
../../builders/mirai.nix
../../builders/shiro.nix ../../builders/shiro.nix
# ../../builders/tsuba.nix # ../../builders/tsuba.nix
]; ];
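Review bot: The new `../../builders/mirai.nix` entry in `buildMachines` is not mentioned in the commit description, and it widens the set of machines whose build outputs this host accepts into its store. The builder file itself is not shown here, so please confirm it pins the builder's host key (`publicHostKey`) and uses a dedicated `sshUser`/`sshKey` rather than a personal account. A one-line comment next to the entry explaining why mirai was added would make the change easier to audit later.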


@@ -42,7 +42,7 @@
cores = 8; cores = 8;
auto-optimise-store = true; auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids"; extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "fs0c131y" "remotebuilder"]; trusted-users = ["root" device.user "remotebuilder"];
trusted-substituters = [ trusted-substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org" "https://nixos-raspberrypi.cachix.org"


@@ -1,6 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
# ./authelia.nix
# ./caddy.nix # ./caddy.nix
# ./excalidraw.nix # ./excalidraw.nix
# ./fail2ban.nix # ./fail2ban.nix
@@ -9,7 +8,6 @@
# ./gitea.nix # ./gitea.nix
# ./homepage.nix # ./homepage.nix
# # ./llama.nix # # ./llama.nix
# ./lldap.nix
# # ./monitoring.nix # # ./monitoring.nix
# # ./nextcloud.nix # # ./nextcloud.nix
# # ./paperless.nix # # ./paperless.nix
@@ -19,7 +17,9 @@
# ./headscale.nix # ./headscale.nix
# ./shitpost.nix # ./shitpost.nix
./atuin.nix ./atuin.nix
./immich.nix # ./immich.nix
# ./lldap.nix
# ./authelia.nix
./openssh.nix ./openssh.nix
./tailscale.nix ./tailscale.nix
]; ];
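Review bot: `# ./immich.nix` switches a running service off in a commit titled as a username refactor, and nothing at the line says whether this is temporary. If it is tied to the user change (for example data owned by the old account), a short comment such as `# disabled until data is migrated to device.user` would record that. Otherwise this belongs in its own commit, so that a revert of the refactor does not silently re-enable the service.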


@@ -1,7 +1,7 @@
{...}: { {...}: {
services.openssh = { services.openssh = {
enable = true; enable = true;
passwordAuthentication = false; settings.PasswordAuthentication = false;
permitRootLogin = "prohibit-password"; settings.PermitRootLogin = "prohibit-password";
}; };
} }
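Review bot: `settings.PermitRootLogin = "prohibit-password";` still permits key-based root logins. If this is the sshd module for the host whose deploy `sshUser` moved off root in this same commit, root SSH may no longer be needed there, and `settings.PermitRootLogin = "no";` would close it. Check first whether anything else, such as a remote-build or backup job, still logs in as root on this machine.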