Snowfall: split out user homes into new directory

homes/common/git.nix

@@ -0,0 +1,17 @@
+{ namespace, osConfig, ... }:
+{
+  programs.git = {
+    enable = true;
+    userName = osConfig.${namespace}.secrets.users.aires.firstName;
+    userEmail = osConfig.${namespace}.secrets.users.aires.email;
+    extraConfig = {
+      core.editor = osConfig.${namespace}.editor;
+      merge.conflictStyle = "zdiff3";
+      pull.ff = "only";
+      push.autoSetupRemote = "true";
+      safe.directory = "${osConfig.${namespace}.secrets.nixConfigFolder}/.git";
+      submodule.recurse = true;
+      credential.helper = "/run/current-system/sw/bin/git-credential-libsecret";
+    };
+  };
+}

homes/x86_64-linux/aires/default.nix

@@ -0,0 +1,74 @@
+{
+  namespace,
+  osConfig,
+  ...
+}:
+
+{
+  imports = [
+    ../../common/git.nix
+    ../../common/gnome.nix
+    ../../common/zsh.nix
+  ];
+
+  home = {
+    # The state version is required and should stay at the version you originally installed.
+    stateVersion = "24.05";
+
+    # Create .face file
+    file.".face".source = ./face.png;
+  };
+
+  programs = {
+    # Let home Manager install and manage itself.
+    home-manager.enable = true;
+
+    # Set up git
+    git = {
+      enable = true;
+      userName = osConfig.${namespace}.secrets.users.aires.firstName;
+      userEmail = osConfig.${namespace}.secrets.users.aires.email;
+      extraConfig = {
+        core.editor = osConfig.${namespace}.editor;
+        merge.conflictStyle = "zdiff3";
+        pull.ff = "only";
+        push.autoSetupRemote = "true";
+        safe.directory = "${osConfig.${namespace}.secrets.nixConfigFolder}/.git";
+        submodule.recurse = true;
+        credential.helper = "/run/current-system/sw/bin/git-credential-libsecret";
+      };
+    };
+
+    # Set up SSH
+    ssh = {
+      enable = true;
+      matchBlocks = osConfig.${namespace}.secrets.users.aires.sshConfig;
+    };
+
+    # Set up Zsh
+    zsh = {
+      oh-my-zsh = {
+        theme = "gentoo";
+      };
+      shellAliases = {
+        com = "compile-manuscript";
+        nos = "nixos-operations-script";
+        z = "zellij";
+        update = "upgrade";
+        upgrade = "nos --update";
+      };
+      loginExtra = ''
+        fastfetch --memory-percent-green 75 --memory-percent-yellow 90
+      '';
+    };
+  };
+
+  # Run the SSH agent on login
+  systemd.user.services."ssh-agent" = {
+    Unit.Description = "Manually starts the SSH agent.";
+    Service.ExecStart = ''
+      eval "$(ssh-agent -s)"
+    '';
+    Install.WantedBy = [ "multi-user.target" ]; # starts after login
+  };
+}

homes/x86_64-linux/gremlin@Shura/default.nix

@@ -0,0 +1,53 @@
+{
+  config,
+  namespace,
+  osConfig,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    ../../common/git.nix
+    ../../common/gnome.nix
+    ../../common/zsh.nix
+  ];
+
+  home = {
+
+    # The state version is required and should stay at the version you originally installed.
+    stateVersion = "24.05";
+
+    # Set environment variables
+    sessionVariables = {
+      KUBECONFIG = "/home/gremlin/.kube/config";
+    };
+
+    # Install packages specific to Gremlin
+    packages = [
+      pkgs.awscli2
+      pkgs.unstable.figma-linux
+    ];
+
+    # Create .face file
+    file.".face".source = ./face.png;
+  };
+
+  programs = {
+    # Let home Manager install and manage itself.
+    home-manager.enable = true;
+
+    # Set up SSH
+    ssh = {
+      enable = true;
+      matchBlocks = osConfig.${namespace}.secrets.users.gremlin.sshConfig;
+    };
+
+    # Set up Zsh
+    zsh = {
+      oh-my-zsh = {
+        theme = "gnzh";
+      };
+    };
+  };
+}

modules/nixos/services/virtualization/default.nix

@@ -16,11 +16,6 @@ in
       enable = lib.mkEnableOption "Enables virtualization tools on this host.";
       host = {
         enable = lib.mkEnableOption "Enables virtual machine hosting.";
-        user = lib.mkOption {
-          default = "";
-          type = lib.types.str;
-          description = "The default user to add as a KVM admin.";
-        };
         vmBuilds = {
           enable = lib.mkEnableOption "Enables builds via `nixos-rebuild build-vm` on this host.";
           cores = lib.mkOption {
@@ -57,8 +52,6 @@ in
         spiceUSBRedirection.enable = true;
       };
 
-      users.users.${cfg.host.user}.extraGroups = [ "libvirtd" ];
-
       environment.systemPackages = with pkgs; [
         spice
         spice-gtk

modules/nixos/ui/desktops/gnome/default.nix

@@ -15,14 +15,31 @@ in
   options = {
     ${namespace}.ui.desktops.gnome = {
       enable = lib.mkEnableOption "Enables the Gnome Desktop Environment.";
+      autologin = lib.mkOption {
+        type = lib.types.str;
+        default = "";
+        description = "Which user to automatically log in (leave empty to disable).";
+      };
     };
   };
 
   config = lib.mkIf cfg.enable {
     ${namespace}.ui.desktops.enable = true;
 
+    # This is a workaround for shells crashing on autologin.
+    # See https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+    systemd.services = lib.mkIf (cfg.autologin != "") {
+      "getty@tty1".enable = false;
+      "autovt@tty1".enable = false;
+    };
+
     # Enable Gnome
     services = {
+      displayManager.autoLogin = lib.mkIf (cfg.autologin != "") {
+        enable = true;
+        user = cfg.autologin;
+      };
+
       xserver = {
         # Remove default packages that came with the install
         excludePackages = [ pkgs.xterm ];

modules/nixos/users/aires/default.nix

@@ -6,6 +6,8 @@
 }:
 
 # Define 'aires'
+
+# FIXME: Can't set osConfig in the /homes/ folder, so we unfortunately need to keep the system-level user configuration here.
 let
   cfg = config.${namespace}.users.aires;
 in
@@ -13,116 +15,33 @@ in
   options = {
     ${namespace}.users.aires = {
       enable = lib.mkEnableOption "Enables aires user account";
-      autologin = lib.mkEnableOption "Automatically logs aires in on boot";
     };
   };
 
-  config = lib.mkIf cfg.enable (
+  config = lib.mkIf cfg.enable {
-    lib.mkMerge [
+    users = {
-      {
+      users.aires = {
-        users.users.aires = {
+        isNormalUser = true;
-          isNormalUser = true;
+        description = "Aires";
-          description = "Aires";
+        uid = 1000;
-          uid = 1000;
+        hashedPassword = config.${namespace}.secrets.users.aires.hashedPassword;
-          hashedPassword = config.${namespace}.secrets.users.aires.hashedPassword;
+        extraGroups = [
-          extraGroups = [
+          "input"
-            "input"
+          "networkmanager"
-            "networkmanager"
+          "plugdev"
-            "plugdev"
+          "tss" # For access to TPM devices
-            "tss" # For access to TPM devices
+          "wheel"
-            "wheel"
+          "users"
-            "users"
+          (lib.mkIf config.${namespace}.services.virtualization.host.enable "libvirtd")
-          ];
+        ];
 
-          # Allow systemd services to run even while aires is logged out
+        # Allow systemd services to run even while aires is logged out
-          linger = true;
+        linger = true;
-        };
+      };
 
-        # Configure home-manager
+      groups."aires" = {
-        home-manager.users.aires = {
+        gid = 1000;
-          imports = [
+      };
-            ../common/home-manager/gnome.nix
+    };
-            ../common/home-manager/zsh.nix
+  };
-          ];
-
-          home = {
-            # The state version is required and should stay at the version you originally installed.
-            stateVersion = "24.05";
-
-            # Basic setup
-            username = "aires";
-            homeDirectory = "/home/aires";
-
-            # Create .face file
-            file.".face".source = ./face.png;
-          };
-
-          programs = {
-            # Let home Manager install and manage itself.
-            home-manager.enable = true;
-
-            # Set up git
-            git = {
-              enable = true;
-              userName = config.${namespace}.secrets.users.aires.firstName;
-              userEmail = config.${namespace}.secrets.users.aires.email;
-              extraConfig = {
-                core.editor = config.${namespace}.editor;
-                merge.conflictStyle = "zdiff3";
-                pull.ff = "only";
-                push.autoSetupRemote = "true";
-                safe.directory = "${config.${namespace}.secrets.nixConfigFolder}/.git";
-                submodule.recurse = true;
-                credential.helper = "/run/current-system/sw/bin/git-credential-libsecret";
-              };
-            };
-
-            # Set up SSH
-            ssh = {
-              enable = true;
-              matchBlocks = config.${namespace}.secrets.users.aires.sshConfig;
-            };
-
-            # Set up Zsh
-            zsh = {
-              oh-my-zsh = {
-                theme = "gentoo";
-              };
-              shellAliases = {
-                com = "compile-manuscript";
-                nos = "nixos-operations-script";
-                z = "zellij";
-                update = "upgrade";
-                upgrade = "nos --update";
-              };
-              loginExtra = ''
-                fastfetch --memory-percent-green 75 --memory-percent-yellow 90
-              '';
-            };
-          };
-
-          # Run the SSH agent on login
-          systemd.user.services."ssh-agent" = {
-            Unit.Description = "Manually starts the SSH agent.";
-            Service.ExecStart = ''
-              eval "$(ssh-agent -s)"
-            '';
-            Install.WantedBy = [ "multi-user.target" ]; # starts after login
-          };
-        };
-      }
-
-      # Autologin aires
-      (lib.mkIf cfg.autologin {
-        services.displayManager.autoLogin = {
-          enable = true;
-          user = "aires";
-        };
-        systemd.services = {
-          "getty@tty1".enable = false;
-          "autovt@tty1".enable = false;
-        };
-      })
-    ]
-  );
 }

modules/nixos/users/gremlin/default.nix

@@ -1,5 +1,4 @@
 {
-  pkgs,
   lib,
   config,
   namespace,
@@ -17,14 +16,15 @@ in
     };
   };
 
-  config = lib.mkMerge [
+  config = lib.mkIf cfg.enable {
-    (lib.mkIf cfg.enable {
+    # Add Gremlin account
-      # Add Gremlin account
+    users = {
-      users.users.gremlin = {
+      users.gremlin = {
         isNormalUser = true;
         description = "Gremlin";
         uid = 1001;
         hashedPassword = config.${namespace}.secrets.users.gremlin.hashedPassword;
+        group = "gremlin";
         extraGroups = [
           "networkmanager"
           "input"
@@ -35,62 +35,16 @@ in
         linger = true;
       };
 
-      # Install gremlin-specific flatpaks
+      groups."gremlin" = {
-      ${namespace}.ui.flatpak.packages = [
+        gid = 1001;
-        "com.google.Chrome"
-        "com.slack.Slack"
-      ];
-
-      home-manager.users.gremlin = {
-        imports = [
-          ../common/home-manager/gnome.nix
-          ../common/home-manager/zsh.nix
-        ];
-
-        home = {
-          # Basic setup
-          username = "gremlin";
-          homeDirectory = "/home/gremlin";
-
-          # The state version is required and should stay at the version you originally installed.
-          stateVersion = "24.05";
-
-          # Set environment variables
-          sessionVariables = {
-            KUBECONFIG = "/home/gremlin/.kube/config";
-          };
-
-          # Install packages specific to Gremlin
-          packages = [
-            pkgs.awscli2
-            pkgs.unstable.figma-linux
-          ];
-
-          # Create .face file
-          file.".face".source = ./face.png;
-        };
-
-        programs = {
-          # Let home Manager install and manage itself.
-          home-manager.enable = true;
-
-          # Set up git to match Aires' configuration
-          git = config.home-manager.users.aires.programs.git;
-
-          # Set up SSH
-          ssh = {
-            enable = true;
-            matchBlocks = config.${namespace}.secrets.users.gremlin.sshConfig;
-          };
-
-          # Set up Zsh
-          zsh = {
-            oh-my-zsh = {
-              theme = "gnzh";
-            };
-          };
-        };
       };
-    })
+    };
-  ];
+
+    # Install gremlin-specific flatpaks
+    ${namespace}.ui.flatpak.packages = [
+      "com.google.Chrome"
+      "com.slack.Slack"
+    ];
+
+  };
 }

modules/nixos/users/root/default.nix

@@ -1,7 +1,10 @@
 { ... }:
 {
+  # FIXME: Dropping this into /homes/ causes a weird error that I don't know how to fix:
+  #   "error: The option `users.users.root.shell' is defined multiple times while it's expected to be unique."
+  # Keeping here for now.
   home-manager.users.root = {
-    imports = [ ../common/home-manager/zsh.nix ];
+    imports = [ ../../../../homes/common/zsh.nix ];
 
     home.stateVersion = "24.05";
     programs.zsh = {

systems/x86_64-linux/Hevana/default.nix

@@ -280,7 +280,6 @@ in
       };
       virtualization.host = {
         enable = true;
-        user = "aires";
         vmBuilds = {
           enable = true;
           cores = 3;

systems/x86_64-linux/Khanda/default.nix

@@ -76,7 +76,6 @@ in
         enable = true;
         host = {
           enable = true;
-          user = "aires";
           vmBuilds = {
             enable = true;
             cores = 4;

systems/x86_64-linux/Shura/default.nix

@@ -82,7 +82,6 @@ in
       virtualization = {
         enable = true;
         host = {
-          user = "aires";
           vmBuilds = {
             enable = true;
             cores = 4;