divnix · montchr · Apr 28, 2022 · Apr 28, 2022 · Jul 12, 2022
diff --git a/doc/concepts/suites.md b/doc/concepts/suites.md
@@ -2,24 +2,34 @@
 Suites provide a mechanism for users to easily combine and name collections of
 profiles.
 
-`suites` are defined in the `importables` argument in either the `home` or `nixos`
-namespace. They are a special case of an `importable` which is passed as a special
-argument (one that can be use in an `imports` line) to your hosts. All lists defined
-in `suites` are flattened and type-checked as paths.
+`suites` are defined in the `importables` argument in any of the `nixos`,
+`darwin`, or `home` namespaces. They are a special case of an `importable` which
+is passed as a special argument (one that can be use in an `imports` line) to
+your hosts. All lists defined in `suites` are flattened and type-checked as
+paths.
 
 ## Definition
+
 ```nix
 rec {
-  workstation = [ profiles.develop profiles.graphical users.nixos ];
-  mobileWS = workstation ++ [ profiles.laptop ];
+  workstation = [
+    profiles.develop
+    profiles.graphical
+    users.primary
+  ];
+  portableWorkstation =
+    workstation
+    ++ [ profiles.laptop ];
 }
 ```
 
 ## Usage
+
 `hosts/my-laptop.nix`:
+
 ```nix
 { suites, ... }:
 {
-  imports = suites.mobileWS;
+  imports = suites.portableWorkstation;
 }
 ```
diff --git a/examples/devos/flake.nix b/examples/devos/flake.nix
@@ -119,7 +119,11 @@
               users = digga.lib.rakeLeaves ./users;
             };
             suites = with profiles; rec {
-              base = [ core.nixos users.nixos users.root ];
+              base = [
+                core.nixos
+                users.root
+                users.primary
+              ];
             };
           };
         };
@@ -147,7 +151,10 @@
               users = digga.lib.rakeLeaves ./users;
             };
             suites = with profiles; rec {
-              base = [ core.darwin users.darwin ];
+              base = [
+                core.darwin
+                users.primary
+              ];
             };
           };
         };
@@ -162,34 +169,17 @@
             };
           };
           users = {
-            # TODO: does this naming convention still make sense with darwin support?
-            #
-            # - it doesn't make sense to make a 'nixos' user available on
-            #   darwin, and vice versa
-            #
-            # - the 'nixos' user might have special significance as the default
-            #   user for fresh systems
-            #
-            # - perhaps a system-agnostic home-manager user is more appropriate?
-            #   something like 'primaryuser'?
-            #
-            # all that said, these only exist within the `hmUsers` attrset, so
-            # it could just be left to the developer to determine what's
-            # appropriate. after all, configuring these hm users is one of the
-            # first steps in customizing the template.
-            nixos = { suites, ... }: { imports = suites.base; };
-            darwin = { suites, ... }: { imports = suites.base; };
-          }; # digga.lib.importers.rakeLeaves ./users/hm;
+            primary = { suites, ... }: { imports = suites.base; };
+          };
         };
 
         devshell = ./shell;
 
-        # TODO: similar to the above note: does it make sense to make all of
-        # these users available on all systems?
-        homeConfigurations = digga.lib.mergeAny
-          (digga.lib.mkHomeConfigurations self.darwinConfigurations)
-          (digga.lib.mkHomeConfigurations self.nixosConfigurations)
-        ;
+        homeConfigurations =
+          digga.lib.mkHomeConfigurations
+          (digga.lib.collectHosts
+            self.nixosConfigurations
+            self.darwinConfigurations);
 
         deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
 

diff --git a/examples/devos/hosts/nixos/bootstrap.nix b/examples/devos/hosts/nixos/bootstrap.nix
@@ -1,10 +1,12 @@
 { profiles, ... }:
 {
-  imports = [
-    # profiles.networking
-    profiles.core.nixos
-    profiles.users.root # make sure to configure ssh keys
-    profiles.users.nixos
+  imports = with profiles; [
+    core.nixos
+    # N.B. Make sure to add your public SSH keys to authorized keys!
+    users.root
+    # Note that this is different than the usual `primary` user for the sake of
+    # a familiar installation UX.
+    users.nixos
   ];
 
   boot.loader.systemd-boot.enable = true;

diff --git a/examples/devos/users/darwin/default.nix b/examples/devos/users/darwin/default.nix
diff --git a/examples/devos/users/nixos.nix b/examples/devos/users/nixos.nix
@@ -0,0 +1,23 @@
+{ hmUsers, ... }:
+{
+  # In this profile, the `nixos` system-level user loads the home-manager
+  # profile for the `primary` user defined in the flake's
+  # `self.home.users.primary` option.
+  #
+  # The user profile names defined in `self.home.users.<name>` don't need to
+  # correspond directly to system-level usernames. They can, instead, be
+  # imported as a module in any `home-manager.users` configuration, allowing for
+  # more flexibility.
+  #
+  # Compare with the `primary` system user (in this directory), which uses a
+  # simplified (but limited) approach.
+  home-manager.users.nixos = {...}: { imports = [hmUsers.primary]; };
+
+  users.users.nixos = {
+    # This is the standard password for installation media.
+    password = "nixos";
+    description = "default";
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+  };
+}
diff --git a/examples/devos/users/nixos/default.nix b/examples/devos/users/nixos/default.nix
diff --git a/examples/devos/users/primary/default.nix b/examples/devos/users/primary/default.nix
@@ -0,0 +1,20 @@
+{ hmUsers, ... }:
+{
+  users.users.primary = {
+    description = "primary administrative user on this machine";
+    isNormalUser = true;
+    extraGroups = [ "wheel" ];
+
+    # Make sure to change this!
+    initialPassword = "nixos";
+  };
+
+  # The following home-manager user definition doesn't include any further
+  # customization beyond the default `hmUsers.primary` profile, so its
+  # implementation can be simplified.
+  #
+  # Note, however, that the pattern demonstrated in the `nixos` user profile is
+  # more flexible in the long run, especially if you want to share the same
+  # home-manager profile amongst multiple users with different usernames.
+  home-manager.users = { inherit (hmUsers) primary; };
+}
diff --git a/examples/devos/users/root/default.nix → examples/devos/users/root.nix b/examples/devos/users/root/default.nix → examples/devos/users/root.nix
diff --git a/src/modules.nix b/src/modules.nix
@@ -17,7 +17,8 @@
 
   globalDefaults = { hmUsers }:
     { config, pkgs, self, ... }: {
-      # digga lib can be accessed in modules directly as config.lib.digga
+      # Digga's library functions can be accessed directly through the module
+      # system as `config.lib.digga`.
       lib = {
         inherit (pkgs.lib) digga;
       };
@@ -32,6 +33,10 @@
     };
 
   nixosDefaults = { self, ... }: {
+    # N.B. If users are not explicitly defined in configuration, they will be
+    # removed from the resulting system. This could result in data loss if
+    # you're not starting from a fresh install -- even if you are currently
+    # logged in!
     users.mutableUsers = lib.mkDefault false;
     hardware.enableRedistributableFirmware = lib.mkDefault true;
     system.configurationRevision = lib.mkIf (self ? rev) self.rev;