plumjam/nixos - Change 6WVOPNUGZXTHSU3KU5RLLHYQB6BJG7WXPYIRKJBWQAZMG3JZIYIQC

dendritic: Add user configs with hjem.

Created by PlumJam on January 10, 2026

6WVOPNUGZXTHSU3KU5RLLHYQB6BJG7WXPYIRKJBWQAZMG3JZIYIQC

Dependencies

In channels

main

Change contents

File deletion: users-hjem.nix

BF:BFD[4.2] → [3.13933:13971]

BF:BFD[3.13971] → [3.10878:10878]

B:BD[3.10878] → [3.10879:13932]

{ pkgs, keys, config, lib, self, inputs, ... }: let
  inherit (lib) mkIf types;
in {
  options.customUsersHjem = {
    enable = lib.mkEnableOption "hjem users (for dendritic hosts)";
    passwordFile = lib.mkOption {
      type = types.path;
      example = "/run/agenix/password";
      description = "Path to the password secret file";
    };
    primaryUserExtraGroups = lib.mkOption {
      type = with types; listOf str;
      default = [ "wheel" ];
      example = [ "wheel" "networkmanager" "docker" ];
      description = "Extra groups for jam";
    };
  };
  config = mkIf config.customUsersHjem.enable {
    age.secrets.password.rekeyFile = config.customUsersHjem.passwordFile;
    # Pass arguments to hjem modules
    hjem.specialArgs = {
      inherit inputs;
      theme = config.theme;
      isDesktop = config.type == "desktop";
      isServer = config.type == "server";
      isGaming = config.isGaming or false;
      secrets = builtins.mapAttrs (name: secret: secret) config.age.secrets;
    };
    # Propagate all homeModules to all hjem users
    # Append modules to make theme and other NixOS values available as config options
    home.extraModules = builtins.attrValues self.modules.homeModules ++ [
      # First, define the options
      ({ lib, ... }: {
        options.theme = lib.mkOption {
          type = lib.types.attrs;
          default = { };
          description = "Theme configuration from NixOS";
        };
        options.isDesktop = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "Whether this is a desktop system";
        };
        options.isServer = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "Whether this is a server system";
        };
        options.isGaming = lib.mkOption {
          type = lib.types.bool;
          default = false;
          description = "Whether this is a gaming system";
        };
      })
      # Then, set them from the NixOS config (via specialArgs)
      ({ lib, theme, isDesktop, isServer, isGaming, ... }: {
        config.theme = theme;
        config.isDesktop = isDesktop;
        config.isServer = isServer;
        config.isGaming = isGaming;
      })
    ];
    users.users = {
      root = {
        shell                       = pkgs.nushell;
        hashedPasswordFile          = config.age.secrets.password.path;
        openssh.authorizedKeys.keys = keys.admins;
      };
      jam = {
        description                 = "Jam";
        isNormalUser                = true;
        shell                       = pkgs.nushell;
        hashedPasswordFile          = config.age.secrets.password.path;
        openssh.authorizedKeys.keys = keys.admins;
        extraGroups                 = config.customUsersHjem.primaryUserExtraGroups;
      };
    };
    hjem.users = {
      root = {
        user = "root";
        directory = "/home/root";
      };
      jam  = {
        user = "jam";
        directory = "/home/jam";
      };
    };
  };
}

File deletion: immutable-users.mod.nix
BF:BFD[4.2] → [3.83680:83727]
BF:BFD[3.83727] → [3.83579:83579]
B:BD[3.83579] → [3.83580:83679]
```
{
  config.flake.modules.nixosModules.immutable-users =
  {
    users.mutableUsers = false;
  };
}
```

Replacement in modules/users.nix at line 1 [2.70]

B:BD[2.70] → [2.71:778]

{ pkgs, keys, config, lib, ... }: let
  inherit (lib) mkIf types;
in {
  # "customUsers" to avoid conflicts with "users".
  options.customUsers = {
    enable = lib.mkEnableOption "users";
    passwordFile = lib.mkOption {
      type = types.path;
      example = "/run/agenix/password";
      description = "Path to the password secret file";
    };
    primaryUserExtraGroups = lib.mkOption {
      type = with types; listOf str;
      default = [ "wheel" ];
      example = [ "wheel" "networkmanager" "docker" ];
      description = "Extra groups for jam";
    };
    buildUser = lib.mkEnableOption "build user (for CI/CD)";
    forgejoUser = lib.mkEnableOption "forgejo user for forgejo host";
  };

[2.70]

[2.778]

{
  config.flake.modules.nixos.users =
    { pkgs, config, ... }:
    let
      keys = config.flake.keys;
    in
    {
      # users.mutableUsers = false;

Replacement in modules/users.nix at line 10 [2.70]

B:BD[2.779] → [2.779:893]

  config = mkIf config.customUsers.enable {
    age.secrets.password.rekeyFile = config.customUsers.passwordFile;

[2.779]

[2.893]

      users.users = {
        root = {
          shell = pkgs.nushell;
          hashedPasswordFile = config.age.secrets.password.path;
          openssh.authorizedKeys.keys = keys.admins;
        };

Replacement in modules/users.nix at line 17 [2.70]

B:BD[2.894] → [2.894:1104]

    users.users = {
      root = {
        shell                       = pkgs.nushell;
        hashedPasswordFile          = config.age.secrets.password.path;
        openssh.authorizedKeys.keys = keys.admins;

[2.894]

[2.1104]

        jam = {
          description = "Jam";
          isNormalUser = true;
          shell = pkgs.nushell;
          hashedPasswordFile = config.age.secrets.password.path;
          openssh.authorizedKeys.keys = keys.admins;
          extraGroups = [
            "wheel"
            "networkmanager"
          ];
        };

Replacement in modules/users.nix at line 30 [2.70]

B:BD[2.1114] → [2.1114:1473]

      jam = {
        description                 = "Jam";
        isNormalUser                = true;
        shell                       = pkgs.nushell;
        hashedPasswordFile          = config.age.secrets.password.path;
        openssh.authorizedKeys.keys = keys.admins;
        extraGroups                 = config.customUsers.primaryUserExtraGroups;

[2.1114]

[2.1473]

      hjem = {
        clobberByDefault = true;
        users = {
          root = {
            user = "root";
            directory = "/home/root";
          };
          jam = {
            user = "jam";
            directory = "/home/jam";
          };
        };

Insertion in modules/users.nix at line 43 [2.70]
[2.1482]
[2.1482]
```
    };
```

Replacement in modules/users.nix at line 45 [2.70]

B:BD[2.1483] → [2.1483:1777]

      build = mkIf config.customUsers.buildUser {
        description                 = "Build";
        isNormalUser                = true;
        createHome                  = false;
        openssh.authorizedKeys.keys = keys.all;
        extraGroups                 = [ "build" ];
      };

[2.1483]

[2.1777]

  config.flake.modules.darwin.users =
    { pkgs, config, ... }:
    let
      keys = config.flake.keys;
    in
    {
      system.primaryUser = "jam";

Replacement in modules/users.nix at line 53 [2.70]

B:BD[2.1778] → [2.1778:1977]

      forgejo = mkIf config.customUsers.forgejoUser {
        description                 = "Forgejo";
        createHome                  = false;
        openssh.authorizedKeys.keys = keys.admins;

[2.1778]

[2.1977]

      users.users = {
        jam = {
          description = "Jam";
          shell = pkgs.nushell;
          openssh.authorizedKeys.keys = keys.admins;
        };

Deletion in modules/users.nix at line 60 [2.70]
B:BD[2.1986] → [2.1986:1993]
```
    };
```

Replacement in modules/users.nix at line 61 [2.70]

B:BD[2.1994] → [2.1994:2055]

    home-manager.users = {
      root = {};
      jam  = {};

[2.1994]

[2.2055]

      hjem = {
        clobberByDefault = true;
        users.jam = {
          user = "jam";
          directory = "/home/jam";
        };
      };

Deletion in modules/users.nix at line 69 [2.70]
B:BD[2.2062] → [2.2062:2067]
```
  };
```