tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

system: user groups are now only set if the corresponding module is enabled

Browse source
This commit is contained in:
Tigor Hutasuhut 2024-06-15 16:45:52 +07:00
parent 2a3c822b56
commit 2c91ce9e07
6 changed files with 12 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
system/docker/default.nix
View file

@ -1,9 +1,11 @@
{ config, lib, ... }:
let
cfg = config.profile.docker;
username = config.profile.user.name;
in
{
config = lib.mkIf cfg.enable {
users.users.${username}.extraGroups = [ "docker" ];
virtualisation.docker.enable = true;
virtualisation.docker.autoPrune.enable = true;
virtualisation.oci-containers.backend = "docker";

2
system/modules/android.nix
View file

@ -1,9 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.android;
username = config.profile.user.name;
in
{
config = lib.mkIf cfg.enable {
users.users.${username}.extraGroups = [ "adbusers" ];
programs.adb.enable = true;
environment.systemPackages = with pkgs; [
androidenv.androidPkgs_9_0.platform-tools

2
system/modules/printing.nix
View file

@ -1,9 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.printing;
username = config.profile.user.name;
in
{
config = lib.mkIf cfg.enable {
users.users.${username}.extraGroups = [ "lp" ];
services.printing = {
enable = true;
drivers = [ pkgs.brlaser ]; # Brother Laser Printer

2
system/modules/scanner.nix
View file

@ -1,9 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.scanner;
username = config.profile.user.name;
in
{
config = lib.mkIf cfg.enable {
users.users.${username}.extraGroups = [ "scanner" ];
environment.systemPackages = with pkgs; [
skanlite
];

4
system/podman/default.nix
View file

@ -1,9 +1,11 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.podman;
username = config.profile.user.name;
in
{
config = lib.mkIf cfg.enable {
users.users.${username}.extraGroups = [ "podman" ];
# services.caddy.enable = true;
environment.systemPackages = with pkgs; [
dive # look into docker image layers
@ -21,7 +23,7 @@ in
defaultNetwork.settings.dns_enabled = true;
};
# https://madison-technologies.com/take-your-nixos-container-config-and-shove-it/
networking.firewall.interfaces.podman1 = {
networking.firewall.interfaces."podman[0-9]+" = {
allowedUDPPorts = [ 53 ]; # this needs to be there so that containers can look eachother's names up over DNS
};
};

2
system/user.nix
View file

@ -7,7 +7,7 @@ in
users.users.${user} = {
isNormalUser = true;
description = fullName;
extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" "podman" ];
extraGroups = [ "networkmanager" "wheel" ];
shell = pkgs.zsh;
};