system: user groups are now only set if the corresponding module is enabled

2024-06-15 16:45:52 +07:00 · 2024-06-15 16:45:52 +07:00 · 2c91ce9e07
parent 2a3c822b56
commit 2c91ce9e07
6 changed files with 12 additions and 2 deletions
--- a/system/docker/default.nix
+++ b/system/docker/default.nix
@ -1,9 +1,11 @@
 { config, lib, ... }:
 let
  cfg = config.profile.docker;
+  username = config.profile.user.name;
 in
 {
  config = lib.mkIf cfg.enable {
+    users.users.${username}.extraGroups = [ "docker" ];
    virtualisation.docker.enable = true;
    virtualisation.docker.autoPrune.enable = true;
    virtualisation.oci-containers.backend = "docker";
--- a/system/modules/android.nix
+++ b/system/modules/android.nix
@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.profile.android;
+  username = config.profile.user.name;
 in
 {
  config = lib.mkIf cfg.enable {
+    users.users.${username}.extraGroups = [ "adbusers" ];
    programs.adb.enable = true;
    environment.systemPackages = with pkgs; [
      androidenv.androidPkgs_9_0.platform-tools
--- a/system/modules/printing.nix
+++ b/system/modules/printing.nix
@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.profile.printing;
+  username = config.profile.user.name;
 in
 {
  config = lib.mkIf cfg.enable {
+    users.users.${username}.extraGroups = [ "lp" ];
    services.printing = {
      enable = true;
      drivers = [ pkgs.brlaser ]; # Brother Laser Printer
--- a/system/modules/scanner.nix
+++ b/system/modules/scanner.nix
@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.profile.scanner;
+  username = config.profile.user.name;
 in
 {
  config = lib.mkIf cfg.enable {
+    users.users.${username}.extraGroups = [ "scanner" ];
    environment.systemPackages = with pkgs; [
      skanlite
    ];
--- a/system/podman/default.nix
+++ b/system/podman/default.nix
@ -1,9 +1,11 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.profile.podman;
+  username = config.profile.user.name;
 in
 {
  config = lib.mkIf cfg.enable {
+    users.users.${username}.extraGroups = [ "podman" ];
    # services.caddy.enable = true;
    environment.systemPackages = with pkgs; [
      dive # look into docker image layers
@ -21,7 +23,7 @@ in
      defaultNetwork.settings.dns_enabled = true;
    };
    # https://madison-technologies.com/take-your-nixos-container-config-and-shove-it/
-    networking.firewall.interfaces.podman1 = {
+    networking.firewall.interfaces."podman[0-9]+" = {
      allowedUDPPorts = [ 53 ]; # this needs to be there so that containers can look eachother's names up over DNS
    };
  };
--- a/system/user.nix
+++ b/system/user.nix
@ -7,7 +7,7 @@ in
  users.users.${user} = {
    isNormalUser = true;
    description = fullName;
-    extraGroups = [ "networkmanager" "wheel" "docker" "adbusers" "scanner" "lp" "podman" ];
+    extraGroups = [ "networkmanager" "wheel" ];
    shell = pkgs.zsh;
  };