Commit 88741dd

HPCesia <me@hpcesia.com>
2026-03-20 13:15:52
refactor: user den aspects
den
1 parent 08c94b9
modules/hosts/kevin/default.nix
@@ -12,6 +12,7 @@
   den.hosts.x86_64-linux.kevin = {
     usage = "laptop";
     pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOO9CyAqGo/WbJkncrt1a9jxS1E+hd550SC4A08I/l0/ root@kevin";
+    hashedPasswordAged = ./hashed-password.age;
     users.hpcesia.classes = ["homeManager"];
     instantiate = {modules}:
       inputs.nixpkgs.lib.nixosSystem {
@@ -43,8 +44,6 @@
         desktop
         dev
         game
-        user-root
-        user-hpcesia
         ssh-host-pardofelis
       ])
       ++ (
@@ -63,7 +62,6 @@
                 desktop
                 dev
                 game
-                user-hpcesia
               ])
               ++ [config.flake.modules.homeManager."hosts/kevin"];
           };
modules/hosts/kevin/hashed-password.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 fNSSHCGWppnzCbvnOTqMXYaDDcMUDbhq9Gcpep6Ptxs
+2z9anwuqN40iehOlNJISr+H/B52jdT/Ap+F39rall/k
+-> /#KdmAou-grease -Jvn)QSy '1| yW&U8Oug
+V+Ut2sKQkI9AlIPyd3IhP3EXpTZUAcb5Lvqr4b2dwBhq8rvrHgGafsNQdxS+4w32
+u3cNo1rueQqP1nxIZTiJkYJ1HfPKqgac/Y6CPj1k57ezbhbEUL4n0i4HFQ
+--- RFilzKFUuwsnY2QbQ/FONd6afgg1SJ2k7oxE3McFNfI
+���%&�c�~����oH��\�p�4 Lcm���BΥ(/�f͑�OS(�a
+5��_����ϓ	���ҋ̔9�uXfɨA5��d5ڍ����n�W4m��L[xZE��b.�
\ No newline at end of file
modules/hosts/pardofelis/default.nix
@@ -11,8 +11,10 @@
   #############################################################
   den.hosts.x86_64-linux.pardofelis = {
     usage = "server";
-    sshPorts = [23930];
     pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEuT/WkeA7btTeATmWJ2O9f/A6FI0Gl/1KjPGfHbWD5C root@pardofelis";
+    hashedPasswordAged = ./hashed-password.age;
+    sshPorts = [23930];
+    authorizedKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMKaGC2I3an4AJDeWzVx5vhm63+kxi6zJNdh7yEp6CK hpcesia@kevin"];
     users.hpcesia = {};
     instantiate = {modules}:
       inputs.nixpkgs.lib.nixosSystem {
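Review bot: The added `authorizedKeys` line lets the `hpcesia@kevin` key log in directly as root on a host declared `usage = "server"`, and the same host now also carries a root password hash through `hashedPasswordAged`. The sshd settings are not part of this hunk, so it is worth confirming that `services.openssh.settings.PermitRootLogin` stays at `prohibit-password` (the NixOS default), which keeps the password hash usable on the console only. Since `users.hpcesia = {};` is already declared here, consider whether root needs a direct key at all. If it does, a comment such as `# root login from the kevin laptop; drop when that key is rotated` would record why. The host attribute set continues past the end of the hunk.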
@@ -42,8 +44,6 @@
     imports =
       (with config.flake.modules.nixos; [
         core
-        user-hpcesia
-        user-root
       ])
       ++ (
         map
modules/hosts/pardofelis/hashed-password.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 +QyOuXj2AQWmrHZgzp8nSeuglcoZlMPqWilqF7FmZUo
+f+37GiPBj04YXaO5+iH+ItxkC/YIICBU34xZKDvlpm8
+-> *AeO%}-grease
+5yZGZXYlT4UiQzYT8mUVtk4+Tuz4t/AB4T9/dgnG
+--- 2mPiuGKAyE7Uepfe5VPjctaHjDxjhOKUMutqFfo2j/o
+��@,N���aԽ��y�������((�aR���?�]��>���6v�ӧ_�{pN��N�
/&\C�8���M��&�M��6`����ȧ2��q�ݸ��o�s
\ No newline at end of file
modules/hosts/default.nix
@@ -9,7 +9,21 @@ in {
     };
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
   };
+
   den.default.includes = [
     <den/hostname>
+
+    <default/host>
   ];
+
+  den.aspects.default.provides.host = {host, ...}: {
+    nixos = {config, ...}: {
+      users.users.root = {
+        hashedPasswordFile = config.vaultix.secrets."${host.name}-hashed-password".path;
+        openssh.authorizedKeys.keys = host.authorizedKeys;
+      };
+
+      vaultix.secrets."${host.name}-hashed-password".file = host.hashedPasswordAged;
+    };
+  };
 }
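Review bot: The root secret is renamed here from `user-root-hashed-password` to `"${host.name}-hashed-password"`, and nothing in this hunk ensures the new secret is decrypted before users are created. If the vaultix configuration elsewhere still lists the old name (for example in `beforeUserborn`, assuming this setup uses it), root's `hashedPasswordFile` would point at a path that does not exist yet at activation. Depending on the mutable-users setting, that can leave root without a usable password. Please check that list against the new per-host name, or derive the entry from `host.name` inside this aspect so the two cannot drift. The `let` block that would bring `__findFile` into scope for `<default/host>` is above the hunk and not visible.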
modules/hosts/schema.nix
@@ -17,10 +17,19 @@
       type = lib.types.str;
       description = "Public SSH key for the host.";
     };
+    options.hashedPasswordAged = lib.mkOption {
+      type = lib.types.pathInStore;
+      description = "Age encrypted hashed password file path for host root user.";
+    };
     options.sshPorts = lib.mkOption {
       type = lib.types.listOf lib.types.port;
       description = "List of ports to open for SSH access.";
       default = [22];
     };
+    options.authorizedKeys = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      description = "List of authorized keys for host root user.";
+      default = [];
+    };
   };
 }
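Review bot: `options.hashedPasswordAged` has no `default`, and the `default/host` aspect in modules/hosts/default.nix reads it for every host, so a host added without this attribute will fail evaluation. Failing closed is reasonable, but the description should say the option is required, e.g. `description = "Age-encrypted file containing the root password hash for this host (required; read by the default host aspect).";`. The `authorizedKeys` option name reads as host-wide, although its description does say the keys are for root. Stating plainly that they grant SSH login as root, e.g. `"SSH public keys allowed to log in as root on this host."`, would help prevent a user key being added there by mistake. The submodule definition starts above the hunk.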
modules/users/hpcesia/default.nix
@@ -1,16 +1,20 @@
-{lib, ...}: {
-  flake.modules.nixos.user-hpcesia = {config, ...}: {
+{
+  lib,
+  den,
+  ...
+}: let
+  inherit (den.lib) __findFile;
+in {
+  den.aspects.hpcesia.includes = [
+    <den/primary-user>
+  ];
+
+  den.aspects.hpcesia.nixos = {config, ...}: {
     users.users.hpcesia = {
       description = "HPCesia";
-      home = "/home/hpcesia";
       hashedPasswordFile = config.vaultix.secrets.user-hpcesia-hashed-password.path;
-      isNormalUser = true;
       extraGroups =
         [
-          "hpcesia"
-          "users"
-          "networkmanager"
-          "wheel"
           "nix-secrets-ssh-hosts"
         ]
         ++ (lib.optionals config.virtualisation.podman.enable ["podman"])
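Review bot: Dropping `"wheel"`, `"networkmanager"` and `"users"` from `extraGroups`, along with `isNormalUser`, means hpcesia's sudo rights now depend entirely on `<den/primary-user>` and the new default user aspect. The definition of `<den/primary-user>` is not on this page, so the privilege grant is no longer visible where the user is declared. A comment next to the include would point the next reader to it, e.g. `# <den/primary-user> is expected to add wheel/networkmanager; only extra groups are listed below`. It is also worth verifying on both hosts after the refactor that the resulting group list still matches what was intended, since pardofelis declares the user with `users.hpcesia = {}`. The `extraGroups` expression continues past the end of the hunk.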
@@ -21,15 +25,8 @@
       ];
     };
 
-    users.groups.hpcesia = {};
-
     users.groups.nix-secrets-ssh-hosts = {};
 
     vaultix.secrets.user-hpcesia-hashed-password.file = ./hashed-password.age;
   };
-
-  flake.modules.homeManager.user-hpcesia = _: {
-    home.username = "hpcesia";
-    home.homeDirectory = "/home/hpcesia";
-  };
 }
modules/users/root/default.nix
@@ -1,10 +0,0 @@
-{
-  flake.modules.nixos.user-root = {config, ...}: {
-    users.users.root = {
-      hashedPasswordFile = config.vaultix.secrets.user-root-hashed-password.path;
-      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFMKaGC2I3an4AJDeWzVx5vhm63+kxi6zJNdh7yEp6CK hpcesia@kevin"];
-    };
-
-    vaultix.secrets.user-root-hashed-password.file = ./hashed-password.age;
-  };
-}
modules/users/root/hashed-password.age
Binary file
modules/users/default.nix
@@ -0,0 +1,25 @@
+{
+  lib,
+  den,
+  ...
+}: let
+  inherit (den.lib) __findFile;
+in {
+  den.default.includes = [
+    <default/user>
+  ];
+  den.aspects.default.provides.user = {user, ...}: {
+    nixos = {
+      users.users.${user.userName} = {
+        home = lib.mkDefault "/home/${user.userName}";
+        isNormalUser = true;
+        extraGroups = [user.userName];
+      };
+      users.groups.${user.userName} = {};
+    };
+    homeManager = {
+      home.username = user.userName;
+      home.homeDirectory = "/home/${user.userName}";
+    };
+  };
+}
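Review bot: The NixOS side sets `home = lib.mkDefault "/home/${user.userName}"`, but the homeManager side hard-codes `home.homeDirectory = "/home/${user.userName}"` at normal priority. A host or user aspect that overrides `users.users.<name>.home` would leave home-manager managing a different directory. A second definition on the home-manager side would raise a conflicting-definitions error instead of taking precedence. Writing `home.homeDirectory = lib.mkDefault "/home/${user.userName}";` keeps both sides overridable in the same way.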
secrets/cache/kevin/10869e289adfacf42e7b6e77cf32a4a8cc185bff1231c2353e2df057f7f5d28d
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 WM7kiQ 3KCEWMDaXuvgmYZ2GmrSDI4uD48ntEqhMqZ2A4E6oUE
-ztXal/DUcureswG4+5cZ7KyZZL8k8dByU+DG47b/QA0
--> o7Z7m%-grease .OeqX [z9ug<DJ
-qVlDmufYwoBLfjUBTEt6Altrj/7LyKMFwalDSmflKBw
---- K1E2JiwwK4TD8mkW9TX166QEW0yqia1aW30RYS71t+M
-��6�i𠩔(�=�l���9	�%�h���jx���azZ��Uǻz�&���ПYS�_Ox˯ǔP+�['�����%�Q9o��Om�rv�tEW�[�F	�����I]��
\ No newline at end of file
secrets/cache/kevin/b0c23ce6d7cb28ec4e359d72e2c3983ad3184732ce879826338d005a81327039
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 WM7kiQ xFoyEsWQQoyj/8G6Y6bSGwPtQ2hw4kPZk/1RsDIQjTc
+tmrgX3IXsVsKhNS+6wHPWX7+PHQPDLuPbo+w+EVUlcE
+-> Zq-grease /x~r!wb_ u"Rh0_"; D3oc'
+0RIshcy27GZg8XFV/v7ifZDY
+--- 9DsRhwWN6SiLIaVlEDLTNxZkPr73r7bXwxNsOK1o2Oo
+}):9zY�����X}�0�}��nc��-�j�#Z5���"nԷ�V:Ƒ�K"]���VtOtg�������iˈ�G;C|������7�K�3Iϗ�R�0h�#����
\ No newline at end of file
secrets/cache/pardofelis/051d1f6581329509b5cdb26edec3afa99418f95f2dbfc8a485f91a3c46de59fd
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 B1HLiw sOsec4emyZ/0jcAYa3sxBgHy5eXMLWqEfi2Hvwp3zjM
+OlI+TDgTAta5XQrFBnVHuZUdCEztWiKueMDoNlXiBYU
+-> 8J-grease
+NveZ2MDyL9UIdVz/flniSZVUAWBW3FEY5Jl5CXL6WdtQQR5TG4YgrjDcE93NTQQd
+G2QnLzt2pUYBh1lx2w9QM02SovDUPZ9WzQ7hP8A7gSLw
+--- jq2ogVEEAoEktAH/UDcfHaYZGGu7YIZRw/WzUtKzZq8
+��	�|[��@UF����[�����(k^Ej�|���S*!I�H0��޸S�'.hspW�+C�
+O�Kr�[�=��"��3ʆ���=�ۏ#ѷ�b����C�K�>XMYrI
\ No newline at end of file
secrets/cache/pardofelis/25f0d7cedc32deb310fc0279df14e0ed74f8bf29aa01b938b55f9f054a1cabbc
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 B1HLiw yWo1I5DPVSFLMMJSf2TGsrxPdbX4CuzEb1JSMXUTyXM
-XdG+8O+uR1afBbEi3E3Phbl1jDcs7M4553TXOOAUEII
--> hiHi-grease &z#U "X=>!]{r
-NQ
---- C7owaUL0zLaxRwqIEc+rJWK9KSmcP1uXl8cjN5V4Nxg
-�=�K��A�����#��mq�3x�
2%�t����10�X�I���������~�������A��
-��~�lDQ�TJ�>�@������p�"�#�.d��2m"B�
\ No newline at end of file