From 8282295824ef779329f20498ecae421f15253961 Mon Sep 17 00:00:00 2001 From: Lucien Cartier-Tilet Date: Thu, 30 Apr 2026 13:51:05 +0200 Subject: [PATCH] refactor: enable modules to add groups to users themselves --- flake.lock | 349 +++++--------------------------------- system/dev/docker.nix | 5 +- system/users/phundrak.nix | 9 +- 3 files changed, 53 insertions(+), 310 deletions(-) diff --git a/flake.lock b/flake.lock index f900074..7b03eb7 100644 --- a/flake.lock +++ b/flake.lock @@ -24,43 +24,6 @@ "type": "github" } }, - "cachix": { - "inputs": { - "devenv": [ - "jj-cz", - "devenv" - ], - "flake-compat": [ - "jj-cz", - "devenv", - "flake-compat" - ], - "git-hooks": [ - "jj-cz", - "devenv", - "git-hooks" - ], - "nixpkgs": [ - "jj-cz", - "devenv", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760971495, - "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=", - "owner": "cachix", - "repo": "cachix", - "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "latest", - "repo": "cachix", - "type": "github" - } - }, "caelestia-cli": { "inputs": { "caelestia-shell": [ @@ -72,11 +35,11 @@ ] }, "locked": { - "lastModified": 1778125502, - "narHash": "sha256-QAAO9RCR6byVJi50l8RMVJWzrsNYbXonfR6tqU93vIQ=", + "lastModified": 1779768519, + "narHash": "sha256-2n/447oNfAZrl1yncafLPgXMx5tuTF6T2B+zI/zFYkI=", "owner": "caelestia-dots", "repo": "cli", - "rev": "7b8a4281aa8b2b12745de531cce0c65d87aea2e5", + "rev": "64a5507e74f6c7d0c29f9131964412f8f8c4dd89", "type": "github" }, "original": { 
@@ -94,11 +57,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1778381004, - "narHash": "sha256-JwIlrajiY74obxyTMu/Ym6wOEQaCjpHwfziPK+E5u3Q=", + "lastModified": 1780196414, + "narHash": "sha256-iXmyWULTZuRd68xRL79e9GyYL9FZ6gfh6zl1PPlWX2A=", "owner": "caelestia-dots", "repo": "shell", - "rev": "2ca4ad4a434e91e73504debd5225e66dc5ebb2b6", + "rev": "63bb82762bb29ac9b7fcd5b97839abae721ce860", "type": "github" }, "original": { @@ -115,11 +78,11 @@ ] }, "locked": { - "lastModified": 1778198574, - "narHash": "sha256-XzgYoibIH6diZoZ2GzoGeyV2xdXAwBtXdAze+Qu2kR0=", + "lastModified": 1779822991, + "narHash": "sha256-r6e4eHEyQJEDhT6gkW3B9+OgB0pZebw2+du4bvN3vww=", "owner": "9001", "repo": "copyparty", - "rev": "139ef1851e5d698521a5c2078c56f951d6e54d00", + "rev": "6e75faa62349a59f4df328a4939ba8626d89ee1a", "type": "github" }, "original": { @@ -128,33 +91,6 @@ "type": "github" } }, - "devenv": { - "inputs": { - "cachix": "cachix", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "git-hooks": "git-hooks", - "nix": "nix", - "nixd": "nixd", - "nixpkgs": [ - "jj-cz", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1770304289, - "narHash": "sha256-+g+XMyB1zi50h2N38GE32l7ZONX4oW7Nw6QSXzfNiwk=", - "owner": "cachix", - "repo": "devenv", - "rev": "fd777e39027d393346e4df672d51ad2bf44b2a12", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "devenv", - "type": "github" - } - }, "fenix": { "inputs": { "nixpkgs": [ 
@@ -178,59 +114,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "jj-cz", - "devenv", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-root": { - "locked": { - "lastModified": 1723604017, - "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", - "owner": "srid", - "repo": "flake-root", - "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", - "type": "github" - }, - "original": { - "owner": "srid", - "repo": "flake-root", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1678901627, 
@@ -316,57 +199,6 @@ "type": "github" } }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "jj-cz", - "devenv", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "jj-cz", - "devenv", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1760663237, - "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "jj-cz", - "devenv", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -374,11 +206,11 @@ ] }, "locked": { - "lastModified": 1778609305, - "narHash": "sha256-muTc+WME6k3sfTr/Pvmw8hrK7zXrbl961TEF9wPeAnk=", + "lastModified": 1780408569, + "narHash": "sha256-s7Tv6FUQThRAvW8En8XVC6HMb0uiikzVccCcCo9u/Bg=", "owner": "nix-community", "repo": "home-manager", - "rev": "5878fdadfe2cfe1b3383b38d66117f7b80696b68", + "rev": "f384af1bec6423a0d4ba1855917ab948f64e5808", "type": "github" }, "original": { @@ -390,7 +222,6 @@ "jj-cz": { "inputs": { "alejandra": "alejandra", - "devenv": "devenv", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" 
@@ -398,11 +229,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1777830987, - "narHash": "sha256-fPsv7qZHb9EO04IoQ6cGAj+6/y1pSMEFWmvLCULOEuM=", + "lastModified": 1780002319, + "narHash": "sha256-yf0zhsBfeN7oMRPo0HtCcmPCCTPDAVmVDSw3m68gT7k=", "ref": "develop", - "rev": "bd6892d91e1a04f9b092b22831a977f08a36cbe0", - "revCount": 40, + "rev": "c1c25e33ffcbac3a1df83ca071ca83f119577012", + "revCount": 44, "type": "git", "url": "https://labs.phundrak.com/phundrak/jj-cz" }, @@ -412,52 +243,6 @@ "url": "https://labs.phundrak.com/phundrak/jj-cz" } }, - "nix": { - "inputs": { - "flake-compat": [ - "jj-cz", - "devenv", - "flake-compat" - ], - "flake-parts": [ - "jj-cz", - "devenv", - "flake-parts" - ], - "git-hooks-nix": [ - "jj-cz", - "devenv", - "git-hooks" - ], - "nixpkgs": [ - "jj-cz", - "devenv", - "nixpkgs" - ], - "nixpkgs-23-11": [ - "jj-cz", - "devenv" - ], - "nixpkgs-regression": [ - "jj-cz", - "devenv" - ] - }, - "locked": { - "lastModified": 1769708679, - "narHash": "sha256-uFKkp2/SjIqbu5HtINg/hwHN6qaqcxLIbL/om7dT3kI=", - "owner": "cachix", - "repo": "nix", - "rev": "72bec37fabbfe378d677868ec42eeb83acf07a4c", - "type": "github" - }, - "original": { - "owner": "cachix", - "ref": "devenv-2.32", - "repo": "nix", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -465,11 +250,11 @@ ] }, "locked": { - "lastModified": 1778393439, - "narHash": "sha256-mOtQxUjtKaPHLeoLOY/YEDctmud1X9KwJr4kE1MJ3Wc=", + "lastModified": 1780210899, + "narHash": "sha256-4axz3OBPTKa6LIkXV8n0lc63MQU+et2CB5DGobEAi6k=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "01466c414c7357ae2ce32be4a272a7c69e94ab5f", + "rev": "97df9dc0b7c924344b793a15c1e8e4522ebb854e", "type": "github" }, "original": { 
@@ -478,42 +263,13 @@ "type": "github" } }, - "nixd": { - "inputs": { - "flake-parts": [ - "jj-cz", - "devenv", - "flake-parts" - ], - "flake-root": "flake-root", - "nixpkgs": [ - "jj-cz", - "devenv", - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1763964548, - "narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=", - "owner": "nix-community", - "repo": "nixd", - "rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixd", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1778443072, - "narHash": "sha256-zi7/fsqM/kFdNuED//4WOCUtezGtKKqRNORjMvfwjnA=", + "lastModified": 1780243769, + "narHash": "sha256-x5UQuRsH3MqI0U9afaXSNqzTPSeZlRLvFAav2Ux1pNw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "da5ad661ba4e5ef59ba743f0d112cbc30e474f32", + "rev": "331800de5053fcebacf6813adb5db9c9dca22a0c", "type": "github" }, "original": { @@ -525,11 +281,11 @@ }, "nixpkgsStable": { "locked": { - "lastModified": 1778430510, - "narHash": "sha256-Ti+ZBvW6yrWWAg2szExVTwCd4qOJ3KlVr1tFHfyfi8Q=", + "lastModified": 1779796641, + "narHash": "sha256-ZsIrKmhp4vbBXoXXmR/tBXA/UCsAQiJL9vsgZEduhVY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8fd9daa3db09ced9700431c5b7ad0e8ba199b575", + "rev": "25f538306313eae3927264466c70d7001dcea1df", "type": "github" }, "original": { @@ -568,11 +324,11 @@ ] }, "locked": { - "lastModified": 1778222427, - "narHash": "sha256-6GFiP611nEJvtm+m03sMyfaVIJ9QOCi//hS+PPKyyPA=", + "lastModified": 1779430452, + "narHash": "sha256-zTslhsxLqUlRTML506iougTGzyR38Fzhzn7t4KDEuuE=", "ref": "refs/heads/master", - "rev": "d1760ed1f31c02a95b37a9bf4084129c829ebe7f", - "revCount": 817, + "rev": "4b4fca3224ab977dc515ac0bb78d00b3dfa71e00", + "revCount": 819, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, 
@@ -651,11 +407,11 @@ ] }, "locked": { - "lastModified": 1770260791, - "narHash": "sha256-ADTBfENFjRVDQMcCycyX/pAy6NFI/Ct6Mrar3gsmXI0=", + "lastModified": 1779992051, + "narHash": "sha256-4YWGv/0NkAdtTW1MXfaLYpfC9BhpCy9k1pWkR0xI9uw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "42ec85352e419e601775c57256a52f6d48a39906", + "rev": "e93ad0df1073b2c969a8f0c1f10b84e870469d40", "type": "github" }, "original": { @@ -713,11 +469,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1778540809, - "narHash": "sha256-FNXls2QZTcxY0Dem3QtSewnr8vUKMDsTw9m8pLOnhTc=", + "lastModified": 1780422259, + "narHash": "sha256-dWGk4SEdI189kQW5cE4Uo1Mc+P+kQEdgMcyMgTtmQOA=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "83939d7df4c0f1b8ee88cabde112223280a48554", + "rev": "8414bbf2fcc7bc0a22c675e498e3c7365c1aec0a", "type": "github" }, "original": { @@ -733,11 +489,11 @@ ] }, "locked": { - "lastModified": 1778468351, - "narHash": "sha256-A5ZdpWN5d+OmKln2EPPeMmPJaBwbugO9dEhyp3pn/X8=", + "lastModified": 1780391957, + "narHash": "sha256-dPoi/DCQYlMGk9MRNODrI0VKTyLw4VzXMgIijQqhRIo=", "owner": "nix-community", "repo": "srvos", - "rev": "23122d21dfbe00e072ce515e21af18882bc88fd7", + "rev": "f7378bf89f4c4c0b5e3bf18079a7366a78beba07", "type": "github" }, "original": { @@ -806,29 +562,6 @@ "type": "github" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "jj-cz", - "devenv", - "nixd", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1734704479, - "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "zen-browser": { "inputs": { "nixpkgs": [ 
@@ -836,11 +569,11 @@ ] }, "locked": { - "lastModified": 1778303188, - "narHash": "sha256-zXFSvK80qpI91B7DU9QSExAtafSrz6vzormh2kUi6kQ=", + "lastModified": 1779946062, + "narHash": "sha256-M/2bCPYjiBTkDNV29J/00z10RM3yYnL9X74RqAHDme0=", "owner": "youwen5", "repo": "zen-browser-flake", - "rev": "9346c84657a9cab472bc4ee5a2d65d42a72d5346", + "rev": "2e2c38ba20a3d614d0196e0aa44851547306e861", "type": "github" }, "original": { diff --git a/system/dev/docker.nix b/system/dev/docker.nix index 5d35adf..279fa9b 100644 --- a/system/dev/docker.nix +++ b/system/dev/docker.nix @@ -20,6 +20,9 @@ in { }; config = mkIf cfg.enable { + mySystem.users.phundrak = mkIf config.mySystem.users.phundrak.enable { + extraGroups = ["docker"] ++ lists.optional cfg.podman.enable "podman"; + }; environment.systemPackages = with pkgs; [ dive # A tool for exploring each layer in a docker image @@ -29,7 +32,7 @@ in { podman-compose podman-desktop ]; - virtualisation = mkIf cfg.enable { + virtualisation = { docker = mkIf (!cfg.podman.enable) { enable = true; enableNvidia = cfg.nvidia.enable; diff --git a/system/users/phundrak.nix b/system/users/phundrak.nix index 1be0f40..ccdd76d 100644 --- a/system/users/phundrak.nix +++ b/system/users/phundrak.nix @@ -10,13 +10,20 @@ in { options.mySystem.users.phundrak = { enable = mkEnableOption "Enables user phundrak"; trusted = mkEnableOption "Mark the user as trusted by Nix"; + extraGroups = mkOption { + type = types.listOf types.str; + default = []; + example = ["feedbackd"]; + }; }; config = { users.users.phundrak = mkIf cfg.enable { isNormalUser = true; description = "Lucien Cartier-Tilet"; - extraGroups = ["networkmanager" "wheel" "docker" "dialout" "podman" "plugdev" "games" "audio" "input" "uinput"]; + extraGroups = + ["networkmanager" "wheel" "dialout" "plugdev" "games" "audio" "input"] + ++ cfg.extraGroups; shell = pkgs.zsh; openssh.authorizedKeys.keyFiles = lib.filesystem.listFilesRecursive ../../users/phundrak/keys; };
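Review bot: In system/dev/docker.nix the new `extraGroups` line adds `"docker"` unconditionally, although the second hunk of this file enables `virtualisation.docker` only when `cfg.podman.enable` is false. Membership in the docker group gives access to the daemon socket and is effectively root on the host, so it should be granted only when that daemon is the selected backend: `extraGroups = lists.optional (!cfg.podman.enable) "docker" ++ lists.optional cfg.podman.enable "podman";`. A one-line comment above it, such as `# docker group membership is root-equivalent; grant it only when the daemon is enabled`, would record why. The `config` block continues outside the hunk.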
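Review bot: The rewritten base list in system/users/phundrak.nix drops `"uinput"` along with `"docker"` and `"podman"`, but the only module in this patch that contributes groups back is docker.nix, so the user appears to lose uinput membership in a commit labelled as a refactor. If that is intended, the commit message should say so; if not, the module that needs it should set `mySystem.users.phundrak.extraGroups = ["uinput"];`. The new `extraGroups` option also has no `description`, and any module can now widen this user's privileges through it. Add one, for example `description = "Supplementary groups contributed by other modules; membership can grant privileged access.";`.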