examples: standardise on primary user

divnix · Jul 12, 2022 · 4163b06 · 4163b06
1 parent fb4107a
commit 4163b06
Show file tree

Hide file tree

Showing 9 changed files with 76 additions and 38 deletions.
diff --git a/doc/concepts/suites.md b/doc/concepts/suites.md
@@ -2,24 +2,34 @@
 Suites provide a mechanism for users to easily combine and name collections of
 profiles.
 
-`suites` are defined in the `importables` argument in either the `home` or `nixos`
-namespace. They are a special case of an `importable` which is passed as a special
-argument (one that can be use in an `imports` line) to your hosts. All lists defined
-in `suites` are flattened and type-checked as paths.
+`suites` are defined in the `importables` argument in any of the `nixos`,
+`darwin`, or `home` namespaces. They are a special case of an `importable` which
+is passed as a special argument (one that can be use in an `imports` line) to
+your hosts. All lists defined in `suites` are flattened and type-checked as
+paths.
 
 ## Definition
+
 ```nix
 rec {
-  workstation = [ profiles.develop profiles.graphical users.nixos ];
-  mobileWS = workstation ++ [ profiles.laptop ];
+  workstation = [
+    profiles.develop
+    profiles.graphical
+    users.primary
+  ];
+  portableWorkstation =
+    workstation
+    ++ [ profiles.laptop ];
 }
 ```
 
 ## Usage
+
 `hosts/my-laptop.nix`:
+
 ```nix
 { suites, ... }:
 {
-  imports = suites.mobileWS;
+  imports = suites.portableWorkstation;
 }
 ```
diff --git a/examples/devos/flake.nix b/examples/devos/flake.nix
@@ -119,7 +119,11 @@
               users = digga.lib.rakeLeaves ./users;
             };
             suites = with profiles; rec {
-              base = [ core.nixos users.nixos users.root ];
+              base = [
+                core.nixos
+                users.root
+                users.primary
+              ];
             };
           };
         };
@@ -147,7 +151,10 @@
               users = digga.lib.rakeLeaves ./users;
             };
             suites = with profiles; rec {
-              base = [ core.darwin users.admin ];
+              base = [
+                core.darwin
+                users.primary
+              ];
             };
           };
         };
@@ -162,7 +169,6 @@
             };
           };
           users = {
-            nixos = { suites, ... }: { imports = suites.base; };
             primary = { suites, ... }: { imports = suites.base; };
           };
         };

diff --git a/examples/devos/hosts/nixos/bootstrap.nix b/examples/devos/hosts/nixos/bootstrap.nix
@@ -1,10 +1,11 @@
 { profiles, ... }:
 {
-  imports = [
-    # profiles.networking
-    profiles.core.nixos
-    profiles.users.root # make sure to configure ssh keys
-    profiles.users.nixos
+  imports = with profiles; [
+    core.nixos
+    # N.B. Make sure to add your public SSH keys to authorized keys!
+    users.root
+    # Traditionally, the installer user+password combo would be `nixos:nixos`.
+    users.primary
   ];
 
   boot.loader.systemd-boot.enable = true;

diff --git a/examples/devos/users/admin/default.nix b/examples/devos/users/admin/default.nix
diff --git a/examples/devos/users/nixos.nix b/examples/devos/users/nixos.nix
@@ -0,0 +1,22 @@
+{ hmUsers, ... }:
+{
+  # In this profile, the `nixos` system-level user loads the home-manager
+  # profile for the `primary` user defined in the flake's
+  # `self.home.users.primary` option.
+  #
+  # The user profile names defined in `self.home.users.<name>` don't need to
+  # correspond directly to system-level usernames. They can, instead, be
+  # imported as a module in any `home-manager.users` configuration, allowing for
+  # more flexibility.
+  #
+  # Compare with the `primary` system user (in this directory), which uses a
+  # simplified (but limited) approach.
+  home-manager.users.nixos = {...}: { imports = [hmUsers.primary]; };
+
+  users.users.nixos = {
+    password = "nixos";
+    description = "default";
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+}
diff --git a/examples/devos/users/nixos/default.nix b/examples/devos/users/nixos/default.nix
diff --git a/examples/devos/users/primary/default.nix b/examples/devos/users/primary/default.nix
@@ -0,0 +1,16 @@
+{ hmUsers, ... }:
+{
+  # You'll need to define an initial hashed or plaintext password for this user.
+  users.users.primary = {
+    description = "primary administrative user on this machine";
+  };
+
+  # The following home-manager user definition doesn't include any further
+  # customization beyond the default `hmUsers.primary` profile, so its
+  # implementation can be simplified.
+  #
+  # Note, however, that the pattern demonstrated in the `nixos` user profile is
+  # more flexible in the long run, especially if you want to share the same
+  # home-manager profile amongst multiple users with different usernames.
+  home-manager.users = { inherit (hmUsers) primary; };
+}
diff --git a/examples/devos/users/root/default.nix → examples/devos/users/root.nix b/examples/devos/users/root/default.nix → examples/devos/users/root.nix
diff --git a/src/modules.nix b/src/modules.nix
@@ -17,7 +17,8 @@
 
   globalDefaults = { hmUsers }:
     { config, pkgs, self, ... }: {
-      # digga lib can be accessed in modules directly as config.lib.digga
+      # Digga's library functions can be accessed directly through the module
+      # system as `config.lib.digga`.
       lib = {
         inherit (pkgs.lib) digga;
       };
@@ -32,6 +33,10 @@
     };
 
   nixosDefaults = { self, ... }: {
+    # N.B. If users are not explicitly defined in configuration, they will be
+    # removed from the resulting system. This could result in data loss if
+    # you're not starting from a fresh install -- even if you are currently
+    # logged in!
     users.mutableUsers = lib.mkDefault false;
     hardware.enableRedistributableFirmware = lib.mkDefault true;
     system.configurationRevision = lib.mkIf (self ? rev) self.rev;