Commit 438b37ec7b27

Vincent Demeester <vincent@sbr.pm>
2020-12-21 12:57:04
flake: make users import user configuration.
It will now import `users/{user}/default.flake.nix` for each user listed (only that file for now). The default user list is now `root` and `vincent` (before it was only `vincent`). Next step is a smarter home-manager setup, i.e. take parts of mkHomeManagerConfiguration and make it automatic in users/…. Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 6cce972
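--- a/users/houbeb/default.flake.nix
+++ b/users/houbeb/default.flake.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+  users.users.houbeb = {
+    createHome = true;
+    description = "Houbeb Ben Othmene";
+    extraGroups = [ "wheel" ];
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = [
+      "…"
+    ];
+  };
+  /*
+  home-manager.users.houbeb = {
+    home.packages = with pkgs; [ hello ];
+  };
+  */
+}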
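Review bot: `extraGroups = [ "wheel" ]` gives this account administrative rights on every host whose `users` list includes it, with the inline SSH key as the only credential and no password settings at all; whether `sudo` is then usable without a password depends on `security.sudo.wheelNeedsPassword`, which is set elsewhere and not visible here. The key is also pasted into this file, while the `vincent` user in the same commit sources its keys from `secrets/machines.nix` behind an `authorized` flag, so rotation and revocation would have to be done in two different places. A comment making the blast radius explicit would help the next reader, e.g. `# wheel: sudo on every host that imports this user; key is managed here, not in secrets/machines.nix`.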
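--- a/users/root/default.flake.nix
+++ b/users/root/default.flake.nix
@@ -0,0 +1,12 @@
+{ config, lib, pkgs, ... }:
+
+with lib; {
+  users.users.root = {
+    shell = mkIf config.programs.zsh.enable pkgs.zsh;
+  };
+  /*
+  home-manager.users.root = lib.mkMerge (
+    [ (import ../vincent/core) ]
+  );
+  */
+}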
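--- a/users/vincent/default.flake.nix
+++ b/users/vincent/default.flake.nix
@@ -0,0 +1,86 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  secretPath = ../../secrets/machines.nix;
+  secretCondition = (builtins.pathExists secretPath);
+
+  isAuthorized = p: builtins.isAttrs p && p.authorized or false;
+  authorizedKeys = lists.optionals secretCondition (
+    attrsets.mapAttrsToList
+      (name: value: value.key)
+      (attrsets.filterAttrs (name: value: isAuthorized value) (import secretPath).ssh)
+  );
+
+  hasConfigVirtualizationContainers = builtins.hasAttr "containers" config.virtualisation;
+  isContainersEnabled = if hasConfigVirtualizationContainers then config.virtualisation.containers.enable else false;
+in
+{
+  users.users.vincent = {
+    createHome = true;
+    uid = 1000;
+    description = "Vincent Demeester";
+    extraGroups = [ "wheel" "input" ]
+      ++ optionals config.profiles.desktop.enable [ "audio" "video" "networkmanager" ]
+      ++ optionals config.profiles.scanning.enable [ "lp" "scanner" ]
+      ++ optionals config.networking.networkmanager.enable [ "networkmanager" ]
+      ++ optionals config.profiles.docker.enable [ "docker" ]
+      ++ optionals config.virtualisation.buildkitd.enable [ "buildkit" ]
+      ++ optionals config.profiles.virtualization.enable [ "libvirtd" ];
+    shell = mkIf config.programs.zsh.enable pkgs.zsh;
+    isNormalUser = true;
+    openssh.authorizedKeys.keys = authorizedKeys;
+    # FIXME change this ?
+    initialPassword = "changeMe";
+    # FIXME This might be handled differently by programs.podman, …
+    subUidRanges = [{ startUid = 100000; count = 65536; }];
+    subGidRanges = [{ startGid = 100000; count = 65536; }];
+  };
+
+
+  /*
+  security.pam.services.vincent.fprintAuth = config.services.fprintd.enable;
+
+  home-manager.users.vincent = lib.mkMerge
+    (
+      [
+        (import ./core)
+        (import ./mails { hostname = config.networking.hostName; pkgs = pkgs; })
+      ]
+      ++ optionals config.profiles.dev.enable [ (import ./dev) ]
+      ++ optionals config.profiles.desktop.enable [ (import ./desktop) ]
+      ++ optionals config.profiles.desktop.gnome.enable [ (import ./desktop/gnome.nix) ]
+      ++ optionals config.profiles.desktop.i3.enable [ (import ./desktop/i3.nix) ]
+      ++ optionals (config.networking.hostName == "wakasu") [
+        {
+          home.packages = with pkgs; [
+            libosinfo
+            asciinema
+            oathToolkit
+          ];
+        }
+      ]
+      ++ optionals (config.profiles.laptop.enable && config.profiles.desktop.enable) [
+        {
+          # FIXME move this in its own file
+          programs.autorandr.enable = true;
+        }
+      ]
+      ++ optionals config.profiles.docker.enable [
+        {
+          home.packages = with pkgs; [ docker docker-compose ];
+        }
+      ]
+      ++ optionals (config.profiles.yubikey.enable && config.profiles.yubikey.u2f) [{
+        home.file.".config/Yubico/u2f_keys".source = pkgs.mkSecret ../../secrets/u2f_keys;
+      }]
+      ++ optionals (isContainersEnabled && config.profiles.dev.enable) [ (import ./containers) ]
+      ++ optionals config.profiles.kubernetes.enable [ (import ./containers/kubernetes.nix) ]
+      ++ optionals config.profiles.openshift.enable [ (import ./containers/openshift.nix) ]
+      ++ optionals config.profiles.tekton.enable [ (import ./containers/tekton.nix) ]
+      ++ optionals config.profiles.redhat.enable [{
+        home.file.".local/share/applications/redhat-vpn.desktop".source = ./redhat/redhat-vpn.desktop;
+        home.packages = with pkgs; [ gnome3.zenity oathToolkit ];
+      }]
+    );
+    */
+}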
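Review bot: `initialPassword = "changeMe";` is a published default credential for an account that is in `wheel` on every host and in `docker`/`libvirtd` on some, and as part of the evaluated configuration it ends up in the world-readable Nix store of each of those hosts; the `# FIXME change this ?` above it acknowledges the problem but the commit keeps the literal. It only applies when the user is first created, but that is precisely the state of a freshly provisioned machine, and on a host built without `secrets/machines.nix` the `secretCondition` guard silently makes `openssh.authorizedKeys.keys` empty, leaving that password as the only credential (whether it is reachable over SSH depends on sshd's password-authentication setting, not visible here). Prefer a hashed password kept outside the store and guarded like the keys, e.g. `passwordFile = mkIf secretCondition "<path to hashed password on the host>";`, or at minimum `initialHashedPassword` so the clear-text value is not committed; and consider making the no-secrets case visible with `warnings = optional (!secretCondition) "secrets/machines.nix not found: vincent has no authorized SSH keys";`.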
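--- a/flake.nix
+++ b/flake.nix
@@ -94,14 +94,13 @@
          The attribute set is composed of:
          - pkgs: the package set to use. To be taken from the inputs (inputs.nixos, …)
          - system: the architecture of the system. Default is x86_64-linux.
-         - config
-         - users
-
+         - config: the configuration path that will be imported
+         - users: the list of user configuration to import
       */
       mkNixOsConfiguration = name: { pkgs
                                    , system ? "x86_64-linux"
                                    , config ? ./systems/hosts + "/${name}.flake.nix"
-                                   , users ? [ "vincent" ]
+                                   , users ? [ "root" "vincent" ]
                                    }:
         # assert asserts.assertMsg (builtins.pathExists config) "${name} has no configuration, create one in ./systems/hosts/${name}.flake.nix";
         nameValuePair name (nixosSystem {
@@ -145,7 +144,9 @@
             (import ./systems/modules/default.flake.nix)
             (import ./systems/profiles)
             (import config)
-          ];
+          ]
+          # Load user configuration based on the list of users passed.
+          ++ (map (f: import (./users + ("/" + f + "/default.flake.nix"))) users);
           specialArgs = { inherit name inputs; };
         });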
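Review bot: The new `map` over `users` imports `./users/<name>/default.flake.nix` for every entry without checking that the file exists, so a typo in a host's user list fails deep inside `nixosSystem` with a generic path-does-not-exist error instead of naming the bad entry — the same gap the commented-out `assert` for `config` in the earlier hunk was meant to close. A guard in that same style placed before `nameValuePair`, such as `assert asserts.assertMsg (all (u: builtins.pathExists (./users + "/${u}/default.flake.nix")) users) "unknown user in ${name}: create ./users/<user>/default.flake.nix";` (assuming `lib` is in scope as the commented line implies), would report it at the call site. As a point of style, `./users + ("/" + f + "/default.flake.nix")` can be written `./users + "/${f}/default.flake.nix"`, matching the `config` default above, and the doc line `- users: the list of user configuration to import` would be more accurate as `- users: names of the ./users/<name> directories to import`. The enclosing `mkNixOsConfiguration` definition begins outside this hunk.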