Extract identity component

2023-05-17 18:45:47 -07:00 · 2023-05-17 18:45:47 -07:00 · e00ec679fb
commit e00ec679fb
parent e0f09be044
16 changed files with 66 additions and 27 deletions
--- a/common/components/git.user.nix
+++ b/common/components/git.user.nix
@ -1,5 +1,8 @@
 { lib, pkgs, ... }:

+let
+  identity = import ../resources/identity.nix;
+in
 {
  home.packages = with pkgs; [
    delta
@ -11,9 +14,9 @@
  programs.git = {
    enable = true;

-    userName = "Andrew Kvalheim";
-    userEmail = "Andrew@Kvalhe.im";
-    signing.key = "0x9254D45940949194";
+    userName = identity.name.long;
+    userEmail = identity.email;
+    signing.key = identity.openpgp.id;

    aliases = {
      diff-image = "!f() { cd -- \"\${GIT_PREFIX:-.}\"; GIT_DIFF_IMAGE_ENABLED=1 git diff \"$@\"; }; f";
--- a/common/components/keyboard.system.nix
+++ b/common/components/keyboard.system.nix
@ -1,5 +1,8 @@
 { config, ... }:

+let
+  identity = import ../resources/identity.nix;
+in
 {
  imports = [
    ../../packages/kmonad.nix
@ -26,5 +29,5 @@
  services.ydotoold.enable = true;

  # Permissions
-  users.users.ak.extraGroups = [ "ydotool" ];
+  users.users.${identity.username}.extraGroups = [ "ydotool" ];
 }
--- a/common/components/networking.system.nix
+++ b/common/components/networking.system.nix
@ -2,6 +2,8 @@

 let
  inherit (config) host;
+
+  identity = import ../resources/identity.nix;
 in
 {
  options.host = {
@ -52,6 +54,6 @@ in
    system.activationScripts.etcAvahiServices = "mkdir -p /etc/avahi/services";

    # Permissions
-    users.users.ak.extraGroups = [ "networkmanager" ];
+    users.users.${identity.username}.extraGroups = [ "networkmanager" ];
  };
 }
--- a/common/components/openpgp.user.nix
+++ b/common/components/openpgp.user.nix
@ -1,5 +1,8 @@
 { config, pkgs, ... }:

+let
+  identity = import ../resources/identity.nix;
+in
 {
  home.packages = with pkgs; [
    yubikey-touch-detector-icon
@ -19,7 +22,7 @@
  programs.gpg = {
    enable = true;
    settings = {
-      default-key = "0x9254D45940949194";
+      default-key = identity.openpgp.id;
      keyid-format = "0xlong";
      no-greeting = true;
      no-symkey-cache = true;
--- a/common/components/printer.system.nix
+++ b/common/components/printer.system.nix
@ -1,5 +1,8 @@
 { pkgs, ... }:

+let
+  identity = import ../resources/identity.nix;
+in
 {
  allowedUnfree = [ "brgenml1lpr" ];

@ -16,5 +19,5 @@
  };

  # Permissions
-  users.users.ak.extraGroups = [ "lp" ];
+  users.users.${identity.username}.extraGroups = [ "lp" ];
 }
--- a/common/components/scanner.system.nix
+++ b/common/components/scanner.system.nix
@ -1,3 +1,6 @@
+let
+  identity = import ../resources/identity.nix;
+in
 {
  imports = [ <nixpkgs/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix> ];

@ -10,5 +13,5 @@
  };

  # Permissions
-  users.users.ak.extraGroups = [ "scanner" ];
+  users.users.${identity.username}.extraGroups = [ "scanner" ];
 }
--- a/common/components/users.system.nix
+++ b/common/components/users.system.nix
@ -1,17 +1,20 @@
 { pkgs, ... }:

+let
+  identity = import ../resources/identity.nix;
+in
 {
  users.mutableUsers = false;

-  users.groups.ak.gid = 1000;
-  users.users.ak = {
+  users.groups.${identity.username}.gid = 1000;
+  users.users.${identity.username} = {
    isNormalUser = true;
    uid = 1000;
-    group = "ak";
+    group = identity.username;
    extraGroups = [ "wheel" ];
-    description = "Andrew";
-    hashedPassword = builtins.readFile ../local/resources/ak.passwd;
+    description = identity.name.short;
+    hashedPassword = builtins.readFile ../local/resources/${identity.username}.passwd;
    shell = pkgs.zsh;
-    openssh.authorizedKeys.keys = [ (builtins.readFile ../resources/andrew.pub) ];
+    openssh.authorizedKeys.keys = [ identity.ssh ];
  };
 }
--- a/common/components/virtualization.system.nix
+++ b/common/components/virtualization.system.nix
@ -1,3 +1,6 @@
+let
+  identity = import ../resources/identity.nix;
+in
 {
  # Containers
  virtualisation.containers.registries.search = [ "docker.io" ];
@ -8,5 +11,5 @@
  virtualisation.libvirtd.enable = true;

  # Permissions
-  users.users.ak.extraGroups = [ "docker" "libvirtd" "podman" ];
+  users.users.${identity.username}.extraGroups = [ "docker" "libvirtd" "podman" ];
 }
--- a/common/resources/identity.nix
+++ b/common/resources/identity.nix
@ -0,0 +1,10 @@
+{
+  name.long = "Andrew Kvalheim";
+  name.short = "Andrew";
+  username = "ak";
+  email = "andrew@kvalhe.im";
+  openpgp.id = "0x9254D45940949194";
+  openpgp.asc = ./andrew.asc;
+  ssh = builtins.readFile ./andrew.pub;
+  image = ./andrew.jpg;
+}
--- a/common/system.nix
+++ b/common/system.nix
@ -3,7 +3,7 @@
 let
  inherit (config) host;

-  # Resources
+  identity = import ./resources/identity.nix;
  palette = import ./resources/palette.nix;
 in
 {
@ -44,7 +44,7 @@ in
        allowDiscards = true;
        fallbackToPassword = true;
        gpgCard.encryptedPass = ./local/resources/luks-passphrase.gpg;
-        gpgCard.publicKey = ./resources/andrew.asc;
+        gpgCard.publicKey = identity.openpgp.asc;
      };
    };
    fileSystems."/".options = [ "compress=zstd:2" "discard=async" "noatime" ];
--- a/common/user.nix
+++ b/common/user.nix
@ -1,5 +1,8 @@
 { config, lib, ... }:

+let
+  identity = import ./resources/identity.nix;
+in
 {
  # Workaround for nix-community/home-manager#2333
  disabledModules = [ "config/i18n.nix" ];
@ -32,8 +35,8 @@
    manual.html.enable = true;

    # User
-    home.username = "ak";
-    home.homeDirectory = "/home/ak";
-    home.file.".face".source = ./resources/andrew.jpg;
+    home.username = identity.username;
+    home.homeDirectory = "/home/${identity.username}";
+    home.file.".face".source = identity.image;
  };
 }
--- a/hosts/main/system.nix
+++ b/hosts/main/system.nix
@ -1,5 +1,8 @@
 { lib, pkgs, ... }:

+let
+  identity = import ../../common/resources/identity.nix;
+in
 {
  imports = [
    ../../common/system.nix
@ -82,7 +85,7 @@

  # Wireshark
  programs.wireshark.enable = true;
-  users.users.ak.extraGroups = [ "usbmux" "wireshark" ];
+  users.users.${identity.username}.extraGroups = [ "usbmux" "wireshark" ];

  # UniFi Network application
  allowedUnfree = [ "unifi-controller" ];
--- a/packages/attachments.nix
+++ b/packages/attachments.nix
@ -1,5 +1,5 @@
 { yarn2nix-moretea }:

 (yarn2nix-moretea.mkYarnWorkspace {
-  src = /home/ak/akorg/project/current/andrew.kvalhe.im/andrew.kvalhe.im;
+  src = ~/akorg/project/current/andrew.kvalhe.im/andrew.kvalhe.im;
 }).attachments
--- a/packages/email-hash.nix
+++ b/packages/email-hash.nix
@ -9,7 +9,7 @@ rustPlatform.buildRustPackage rec {
  version = "0.2.2";

  src = fetchGit {
-    url = "/home/ak/akorg/project/current/email-hash/email-hash";
+    url = ~/akorg/project/current/email-hash/email-hash;
    ref = "v${version}";
  };

--- a/packages/resources/add-words
+++ b/packages/resources/add-words
@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail

-cd '/home/ak/src/configuration'
+cd "$HOME/src/configuration"

 message='Update spell check word list'
 txt='common/resources/words.txt'
--- a/packages/resources/organize-downloads
+++ b/packages/resources/organize-downloads
@ -2,10 +2,10 @@
 set -Eeuo pipefail
 shopt -s nullglob

-intermediate_dir='/home/ak/screenshots/.unoptimized'
-screenshots_dir='/home/ak/screenshots'
+intermediate_dir="$HOME/screenshots/.unoptimized"
+screenshots_dir="$HOME/screenshots"

-for source in /home/ak/Downloads/Screen{s,\ S}hot\ *.png; do
+for source in ~/Downloads/Screen{s,\ S}hot\ *.png; do
  while (( $(date +%s) - $(date '+%s' --reference "$source") <= 1 )); do
    echo "Waiting for file to settle: $source"
    sleep 1s