From 2c91ce9e0723a9a43d6c9fb5c333f32b8be241d9 Mon Sep 17 00:00:00 2001
From: Tigor Hutasuhut
Date: Sat, 15 Jun 2024 16:45:52 +0700
Subject: [PATCH] system: user groups are now only set if the corresponding module is enabled
---
 system/docker/default.nix | 2 ++
 system/modules/android.nix | 2 ++
 system/modules/printing.nix | 2 ++
 system/modules/scanner.nix | 2 ++
 system/podman/default.nix | 4 +++-
 system/user.nix | 2 +-
 6 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/system/docker/default.nix b/system/docker/default.nix
index e695c3d..a159712 100644
--- a/system/docker/default.nix
+++ b/system/docker/default.nix
@@ -1,9 +1,11 @@
 { config, lib, ... }:
 let
 cfg = config.profile.docker;
+ username = config.profile.user.name;
 in
 {
 config = lib.mkIf cfg.enable {
+ users.users.${username}.extraGroups = [ "docker" ];
 virtualisation.docker.enable = true;
 virtualisation.docker.autoPrune.enable = true;
 virtualisation.oci-containers.backend = "docker";
diff --git a/system/modules/android.nix b/system/modules/android.nix
index 297b3a3..7464946 100644
--- a/system/modules/android.nix
+++ b/system/modules/android.nix
@@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
 cfg = config.profile.android;
+ username = config.profile.user.name;
 in
 {
 config = lib.mkIf cfg.enable {
+ users.users.${username}.extraGroups = [ "adbusers" ];
 programs.adb.enable = true;
 environment.systemPackages = with pkgs; [
 androidenv.androidPkgs_9_0.platform-tools
diff --git a/system/modules/printing.nix b/system/modules/printing.nix
index 901db66..097ddec 100644
--- a/system/modules/printing.nix
+++ b/system/modules/printing.nix
@@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
 cfg = config.profile.printing;
+ username = config.profile.user.name;
 in
 {
 config = lib.mkIf cfg.enable {
+ users.users.${username}.extraGroups = [ "lp" ];
 services.printing = {
 enable = true;
 drivers = [ pkgs.brlaser ]; # Brother Laser Printer
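Review bot: The added `users.users.${username}.extraGroups = [ "docker" ];` line in system/docker/default.nix has no comment recording that membership in the `docker` group is root-equivalent on the host, since members can drive the Docker daemon through its socket. Gating the group on `cfg.enable` narrows the exposure, but the privilege is easy to overlook when the profile is later enabled for a different `profile.user.name`. I would put a comment above the line, `# "docker" group is root-equivalent via the daemon socket; enable only for a trusted user`. The `podman` group added in system/podman/default.nix deserves the same comment if the Podman socket is enabled there, which the visible hunks do not show.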
diff --git a/system/modules/scanner.nix b/system/modules/scanner.nix
index 6c58b2f..8eccbaf 100644
--- a/system/modules/scanner.nix
+++ b/system/modules/scanner.nix
@@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
 cfg = config.profile.scanner;
+ username = config.profile.user.name;
 in
 {
 config = lib.mkIf cfg.enable {
+ users.users.${username}.extraGroups = [ "scanner" ];
 environment.systemPackages = with pkgs; [
 skanlite
 ];
diff --git a/system/podman/default.nix b/system/podman/default.nix
index 34c206b..80322d1 100644
--- a/system/podman/default.nix
+++ b/system/podman/default.nix
@@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
 cfg = config.profile.podman;
+ username = config.profile.user.name;
 in
 {
 config = lib.mkIf cfg.enable {
+ users.users.${username}.extraGroups = [ "podman" ];
 # services.caddy.enable = true;
 environment.systemPackages = with pkgs; [
 dive # look into docker image layers
@@ -21,7 +23,7 @@ in
 defaultNetwork.settings.dns_enabled = true;
 };
 # https://madison-technologies.com/take-your-nixos-container-config-and-shove-it/
- networking.firewall.interfaces.podman1 = {
+ networking.firewall.interfaces."podman[0-9]+" = {
 allowedUDPPorts = [ 53 ]; # this needs to be there so that containers can look eachother's names up over DNS
 };
 };
diff --git a/system/user.nix b/system/user.nix
index aaba880..8da526a 100644
--- a/system/user.nix
+++ b/system/user.nix
@@ -7,7 +7,7 @@ in
 users.users.${user} = {
 isNormalUser = true;
 description = fullName;
- extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" "podman" ];
+ extraGroups = [ "networkmanager" "wheel" ];
 shell = pkgs.zsh;
 };
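Review bot: The interface key `"podman[0-9]+"` in the second hunk of system/podman/default.nix is written as a regular expression, but as far as I know the NixOS firewall module passes the attribute name to the packet filter as an interface name, where only a trailing wildcard is understood. If so, the rule matches only interfaces whose names begin with the literal text `podman[0-9]`, so UDP 53 stays closed on the real bridges and container name lookups fail. With the iptables backend the line would read `networking.firewall.interfaces."podman+" = {` (I believe the nftables wildcard is `*`); check the generated ruleset after a rebuild to confirm which interfaces the rule covers. The existing comment should also say that the wildcard opens port 53 on every interface with that prefix, not only `podman1`.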