From 1035a6a78527db44f4dc5c85313f93f57f52bd28 Mon Sep 17 00:00:00 2001
From: Christoph Cullmann
Date: Sat, 5 Oct 2024 17:03:22 +0200
Subject: [PATCH] add sandbox users
---
 share/common.nix | 9 ------
 share/home.nix | 7 -----
 share/users.nix | 74 ++++++++++++++++++++++++++++++++++++++++++++----
 3 files changed, 69 insertions(+), 21 deletions(-)
diff --git a/share/common.nix b/share/common.nix
index 915c4ed..6543d55 100644
--- a/share/common.nix
+++ b/share/common.nix
@@ -113,15 +113,6 @@ in
 neededForBoot = true;
 };
- # bind mount to have user homes
- fileSystems."/home" =
- { device = "/data/home";
- fsType = "none";
- neededForBoot = true;
- options = [ "bind" ];
- depends = [ "/data" ];
- };
-
 # bind mount to have root home
 fileSystems."/root" =
 { device = "/data/root";
diff --git a/share/home.nix b/share/home.nix
index fcd473b..aaec33c 100644
--- a/share/home.nix
+++ b/share/home.nix
@@ -126,13 +126,6 @@
 enableZshIntegration = true;
 };
- # enable keychain, we use the main user key
- programs.keychain = {
- enable = true;
- enableZshIntegration = true;
- keys = [ "/home/cullmann/.ssh/id_ed25519" ];
- };
-
 # https://github.com/nix-community/nix-direnv
 programs.direnv = {
 enable = true;
diff --git a/share/users.nix b/share/users.nix
index d676bba..0d4b0bb 100644
--- a/share/users.nix
+++ b/share/users.nix
@@ -20,7 +20,6 @@ in
 #
 # administrator
 #
-
 users.root = {
 # init password
 hashedPassword = builtins.readFile "/data/nixos/secret/password.secret";
@@ -32,8 +31,10 @@ in
 #
 # my main user
 #
-
 users.cullmann = {
+ # home on persistent volume
+ home = "/data/home/cullmann";
+
 # hard code UID for stability over machines
 uid = 1000;
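Review bot: The `/data/home` prefix hard-coded in the new `home = "/data/home/cullmann";` is spelled out again for both sandbox users in the next hunk and for the keychain key path in the last one, so moving the persistent volume would take four coordinated edits. The hunk headers show the file already has a `let … in`, so one binding there, e.g. `homeBase = "/data/home";` used as `home = "${homeBase}/cullmann";`, would keep the paths in step. The `users.cullmann = {` block continues past the end of the hunk.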
@@ -52,6 +53,42 @@ in
 # use fixed auth keys
 openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
 };
+
+ #
+ # sandbox for lutris and steam games
+ #
+ users.sandbox-games = {
+ # home on persistent volume
+ home = "/data/home/sandbox-games";
+
+ # hard code UID for stability over machines
+ # out of range of normal login users
+ uid = 32000;
+
+ # normal user
+ isNormalUser = true;
+
+ # sandbox user
+ description = "Sandbox Games";
+ };
+
+ #
+ # sandbox for kde development
+ #
+ users.sandbox-kde = {
+ # home on persistent volume
+ home = "/data/home/sandbox-kde";
+
+ # hard code UID for stability over machines
+ # out of range of normal login users
+ uid = 32001;
+
+ # normal user
+ isNormalUser = true;
+
+ # sandbox user
+ description = "Sandbox KDE";
+ };
 };
 # home manager settings
@@ -62,8 +99,35 @@ in
 # use global pkgs
 useGlobalPkgs = true;
- # use shared home manager settings
- users.root = import ./home.nix;
- users.cullmann = import ./home.nix;
+ # root just with shared home manager settings
+ users.root = {
+ # shared config
+ imports = [ ./home.nix ];
+ };
+
+ # main user with extra settings
+ users.cullmann = {
+ # shared config
+ imports = [ ./home.nix ];
+
+ # enable keychain, we use the main user key
+ programs.keychain = {
+ enable = true;
+ enableZshIntegration = true;
+ keys = [ "/data/home/cullmann/.ssh/id_ed25519" ];
+ };
+ };
+
+ # games user with extra settings
+ users.sandbox-games = {
+ # shared config
+ imports = [ ./home.nix ];
+ };
+
+ # kde user with extra settings
+ users.sandbox-kde = {
+ # shared config
+ imports = [ ./home.nix ];
+ };
 };
 }
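Review bot: Both sandbox accounts are plain `isNormalUser = true` accounts, so whatever separation they give from `cullmann` rests on the home directories' mode and on the accounts sharing no groups, and the hunk pins neither; `isNormalUser` presumably puts them in the same default `users` group as the main user. If the sandbox boundary is meant to hold, pin it next to the `# sandbox user` comment, e.g. `homeMode = "700";` (I believe this is already the NixOS default for created homes, which is exactly why it is worth stating), and leave `extraGroups` empty on purpose with a comment saying so. The `# out of range of normal login users` comment presumably refers to the login.defs UID ceiling; a display manager applies its own UID filter (e.g. SDDM's `MaximumUid`), so check that separately if the intent is to keep these accounts off the login screen. Neither account sets a password or authorized keys, which presumably leaves them locked for direct login; a one-line comment recording that they are entered only from the main user (`sudo -u`) would make that intent clear to the next reader.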
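Review bot: The comments `# games user with extra settings` and `# kde user with extra settings` sit on blocks whose only content is `imports = [ ./home.nix ];`, identical to the root entry above them, so they promise settings that are not there; `# games user, shared home manager settings only` (and likewise for kde) matches the code. The keychain key path `/data/home/cullmann/.ssh/id_ed25519` restates the home directory set for `cullmann` two hunks earlier and will point at a stale path if one of the two is changed without the other; if the function form is acceptable here, `users.cullmann = { config, ... }: {` with `keys = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];` ties the path to the account's home (the inner `config` would shadow the NixOS one, which this block does not use), assuming home-manager's NixOS module fills `home.homeDirectory` from the user's `home` as I recall it does.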