refactor: compose hosts and home-manager features explicitly
+69
-7
@@ -7,8 +7,6 @@ let
mkHost =
{
name,
kind,
traits ? [ ],
displays ? { },
users ? { },
imports ? [ ],
@@ -18,9 +16,7 @@ let
meta.host = {
inherit
displays
kind
name
traits
users
;
};
@@ -52,11 +48,69 @@ let
"reverse_proxy :${toString port}"
else
''
reverse_proxy :${toString port} {
${body}
}
reverse_proxy :${toString port} {
${body}
}
'';
};
mkHostUser =
{
account,
homeImports,
needsPassword ? false,
stateVersion ? "24.05",
}:
{
config,
pkgs,
...
}:
let
name = account.name;
primaryEmails = lib.filter (email: email.primary) (builtins.attrValues account.emails);
in
{
assertions = [
{
assertion = builtins.length primaryEmails == 1;
message = "User ${name} must define exactly one primary email entry.";
}
];
programs.zsh.enable = true;
sops.secrets = lib.optionalAttrs needsPassword {
"hashed-password-${name}".neededForUsers = true;
};
users.users.${name} = {
name = account.name;
home = account.homeDirectory;
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = [
"wheel"
"networkmanager"
];
}
// lib.optionalAttrs needsPassword {
hashedPasswordFile = config.sops.secrets."hashed-password-${name}".path;
};
home-manager.users.${name} = {
imports = homeImports;
meta = {
host = config.meta.host;
user = account;
};
home = {
username = account.name;
homeDirectory = account.homeDirectory;
inherit stateVersion;
};
};
};
in
{
options.meta.lib.mkHost = lib.mkOption {
@@ -73,6 +127,13 @@ in
readOnly = true;
};
options.meta.lib.mkHostUser = lib.mkOption {
type = lib.types.raw;
description = "Internal helper for explicit per-host user assembly.";
internal = true;
readOnly = true;
};
options.meta.lib.users = lib.mkOption {
type = lib.types.attrs;
description = "Canonical user attrsets shared by host definitions.";
@@ -84,6 +145,7 @@ in
inherit
mkCaddyReverseProxy
mkHost
mkHostUser
;
};
}
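Review bot: In the new mkHostUser (third hunk), `extraGroups = [ "wheel" "networkmanager" ]` inside `users.users.${name}` puts every account assembled through this helper into the sudo-capable `wheel` group regardless of `needsPassword`, so a key-only or limited account cannot be declared without administrative group membership. Turning the list into a parameter keeps existing callers unchanged while allowing least-privilege hosts: add `extraGroups ? [ "wheel" "networkmanager" ],` beside `needsPassword ? false,` in the pattern and replace the literal with `inherit extraGroups;`. The `name = account.name;` inside that same attrset repeats the `name` already bound in the `let` and used in the attribute path, so `inherit name;` would read more clearly. The `lib` binding and the `meta.host` option that `config.meta.host` reads are defined outside this hunk, so their availability is assumed here rather than checked.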