better user config

hosts/nixos/apollo/configuration.nix

@@ -6,7 +6,6 @@
 
   osbmModules = {
     machineType = "server";
-    users = [ "osbm" ];
     services = {
       glance.enable = true;
       # anubis.enable = true;

hosts/nixos/pochita/configuration.nix

@@ -14,6 +14,7 @@
   osbmModules = {
     machineType = "server";
     hardware.systemd-boot.enable = false; # Raspberry Pi uses init-script bootloader
+    familyUser.enable = true;
     services = {
       wanikani-bypass-lessons.enable = true;
       wanikani-fetch-data.enable = true;

hosts/nixos/tartarus/configuration.nix

@@ -7,6 +7,7 @@
   osbmModules = {
     desktopEnvironment.plasma.enable = true;
     machineType = "laptop";
+    familyUser.enable = true;
     emulation.aarch64.enable = true;
     hardware.sound.enable = true;
     programs.steam.enable = true;

hosts/nixos/ymir/configuration.nix

@@ -7,6 +7,7 @@
   osbmModules = {
     desktopEnvironment.plasma.enable = true;
     machineType = "desktop";
+    familyUser.enable = true;
     programs = {
       adbFastboot.enable = true;
       steam.enable = true;

modules/nixos/options.nix

@@ -32,24 +32,18 @@
       description = "Type of machine for appropriate defaults";
     };
 
-    # Users
-    users = lib.mkOption {
-      type = lib.types.listOf lib.types.str;
-      default = [
-        "osbm"
-      ]
-      ++ lib.optionals (
-        config.osbmModules.machineType == "desktop" || config.osbmModules.machineType == "laptop"
-      ) [ "bayram" ];
-      description = "List of users to create. `osbm` is my main user, and `bayram` is for my family (only on desktop/laptop).";
-    };
-
     defaultUser = lib.mkOption {
       type = lib.types.str;
       default = "osbm";
       description = "Default user for the system";
     };
 
+    familyUser.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = "Enable family user account";
+    };
+
     # Home Manager
     homeManager = {
       enable = lib.mkOption {

modules/nixos/system/home-manager.nix

@@ -34,8 +34,13 @@
           let
             # Capture the NixOS system config before entering the home-manager scope
             systemConfig = config;
+            # Build list of regular users based on defaultUser and familyUser options
+            regularUsers = [
+              systemConfig.osbmModules.defaultUser
+            ]
+            ++ lib.optional systemConfig.osbmModules.familyUser.enable "bayram";
           in
-          lib.genAttrs (builtins.filter (u: u != "root") config.osbmModules.users) (_username: {
+          lib.genAttrs regularUsers (_username: {
             # Use the system's stateVersion for home-manager
             home.stateVersion = lib.mkDefault systemConfig.system.stateVersion;
             imports = [

modules/nixos/system/impermanence.nix

@@ -6,8 +6,11 @@
   ...
 }:
 let
-  # Filter out 'root' from the users list since it's a special system user
+  # Build list of regular users based on defaultUser and familyUser options
-  regularUsers = builtins.filter (u: u != "root") config.osbmModules.users;
+  regularUsers = [
+    config.osbmModules.defaultUser
+  ]
+  ++ lib.optional config.osbmModules.familyUser.enable "bayram";
 
   # Generate user persistence configuration
   userPersistence = lib.genAttrs regularUsers (_username: {

modules/nixos/system/users.nix

@@ -1,33 +1,40 @@
 { lib, config, ... }:
-let
-  # Filter out 'root' from the users list since it's a special system user
-  regularUsers = builtins.filter (u: u != "root") config.osbmModules.users;
-in
 {
-  config = lib.mkIf (config.osbmModules.users != [ ]) {
+  config = {
     users.users = lib.mkMerge [
-      # Create users based on the list (excluding root)
+      # Default user
-      (lib.genAttrs regularUsers (username: {
-        isNormalUser = true;
-        description = username;
-        initialPassword = "changeme";
-        extraGroups = [
-          "networkmanager"
-        ]
-        ++ lib.optional (username == config.osbmModules.defaultUser) "wheel"
-        ++ lib.optional config.osbmModules.virtualisation.docker.enable "docker"
-        ++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
-      }))
-
-      # Additional configuration for default user (including root if it's default)
       {
         ${config.osbmModules.defaultUser} = {
+          isNormalUser = true;
+          description = config.osbmModules.defaultUser;
+          initialPassword = "changeme";
+          extraGroups = [
+            "wheel"
+            "networkmanager"
+          ]
+          ++ lib.optional config.osbmModules.virtualisation.docker.enable "docker"
+          ++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
           openssh.authorizedKeys.keys = lib.mkDefault [
             "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfnV+qqUCJf92npNW4Jy0hIiepCJFBDJHXBHnUlNX0k"
           ];
         };
       }
 
+      # Family user (bayram)
+      (lib.mkIf config.osbmModules.familyUser.enable {
+        bayram = {
+          isNormalUser = true;
+          description = "bayram";
+          initialPassword = "changeme";
+          extraGroups = [
+            "networkmanager"
+          ]
+          ++ lib.optional config.osbmModules.virtualisation.docker.enable "docker"
+          ++ lib.optional config.osbmModules.programs.adbFastboot.enable "adbusers";
+        };
+      })
+
+      # Root user
       {
         root = {
           initialPassword = "changeme";
@@ -36,8 +43,6 @@ in
           ];
         };
       }
-
     ];
-
   };
 }