Merge pull request 'Superuser bypass' (#2) from macos-superuser-bypass-refactor into master

Reviewed-on: #2
2025-10-02 08:59:47 -05:00
6 changed files with 66 additions and 62 deletions

56
flake.lock generated

@@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749744770, "lastModified": 1757432263,
"narHash": "sha256-MEM9XXHgBF/Cyv1RES1t6gqAX7/tvayBC1r/KPyK1ls=", "narHash": "sha256-qHn+/0+IOz5cG68BZUwL9BV3EO/e9eNKCjH3+N7wMdI=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "536f951efb1ccda9b968e3c9dee39fbeb6d3fdeb", "rev": "1fef4404de4d1596aa5ab2bd68078370e1b9dcdb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -64,11 +64,11 @@
"zon2nix": "zon2nix" "zon2nix": "zon2nix"
}, },
"locked": { "locked": {
"lastModified": 1754941490, "lastModified": 1759330332,
"narHash": "sha256-2AJf0q4u1zakqjr0y4dCyqzdDSil8P5m2YpZxAAzJJw=", "narHash": "sha256-ZKyOgOOm9Itjbc5xi89xMtw+cnnOFfl79zndPMTzKpU=",
"owner": "ghostty-org", "owner": "ghostty-org",
"repo": "ghostty", "repo": "ghostty",
"rev": "5bf632e9cc0e77a578bad983b0cbdf0451ce87d4", "rev": "a5aff0e347b0016e2735d4ec4b4cdca96b5438d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -84,11 +84,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753592768, "lastModified": 1758463745,
"narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "fc3add429f21450359369af74c2375cb34a2d204", "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -129,11 +129,24 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1754767907, "lastModified": 1758360447,
"narHash": "sha256-8OnUzRQZkqtUol9vuUuQC30hzpMreKptNyET2T9lB6g=", "narHash": "sha256-XDY3A83bclygHDtesRoaRTafUd80Q30D/Daf9KSG6bs=",
"rev": "8eaee110344796db060382e15d3af0a9fc396e0e",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre864002.8eaee1103447/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
"url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1759281824,
"narHash": "sha256-FIBE1qXv9TKvSNwst6FumyHwCRH3BlWDpfsnqRDCll0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c5f08b62ed75415439d48152c2a784e36909b1bc", "rev": "5b5be50345d4113d04ba58c444348849f5585b4a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -149,7 +162,7 @@
"ghostty": "ghostty", "ghostty": "ghostty",
"home-manager": "home-manager", "home-manager": "home-manager",
"nix-flatpak": "nix-flatpak", "nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_3"
} }
}, },
"systems": { "systems": {
@@ -198,27 +211,20 @@
}, },
"zon2nix": { "zon2nix": {
"inputs": { "inputs": {
"flake-utils": [ "nixpkgs": "nixpkgs_2"
"ghostty",
"flake-utils"
],
"nixpkgs": [
"ghostty",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1742104771, "lastModified": 1758405547,
"narHash": "sha256-LhidlyEA9MP8jGe1rEnyjGFCzLLgCdDpYeWggibayr0=", "narHash": "sha256-WgaDgvIZMPvlZcZrpPMjkaalTBnGF2lTG+62znXctWM=",
"owner": "jcollie", "owner": "jcollie",
"repo": "zon2nix", "repo": "zon2nix",
"rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613", "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "jcollie", "owner": "jcollie",
"repo": "zon2nix", "repo": "zon2nix",
"rev": "56c159be489cc6c0e73c3930bd908ddc6fe89613", "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245",
"type": "github" "type": "github"
} }
} }


@@ -15,7 +15,7 @@
extraConfig = { extraConfig = {
init.defaultBranch = "master"; init.defaultBranch = "master";
push.autoSetupRemote = true; push.autoSetupRemote = true;
pull.merge = true; pull.rebase = false;
merge.tool = "nvimdiff"; merge.tool = "nvimdiff";
mergetool.keepBackup = false; mergetool.keepBackup = false;
}; };


@@ -1,20 +1,23 @@
{ lib, pkgs, ... }: { { lib, pkgs, ... }: {
# Common packages that every system will use
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
vim vim
neovim neovim
usbutils usbutils
coreutils coreutils
lshw
systemd
dmidecode
pciutils pciutils
nix-ld
patchelf patchelf
htop htop
]; ] ++
lib.optionals pkgs.stdenv.isLinux (with pkgs; [
systemd
lshw
dmidecode
nix-ld
]) ++
lib.optionals pkgs.stdenv.isDarwin (with pkgs; [
# nothing here, yet ;)
]);
# Common environment variables that every system will use
environment.variables.EDITOR = "nvim"; environment.variables.EDITOR = "nvim";
} }


@@ -1,30 +1,23 @@
{ lib, pkgs, userName, hostname, ... }:
{ {
lib,
pkgs,
userName,
hostname,
...
} @ args: {
networking.hostName = hostname; networking.hostName = hostname;
users.users."${userName}" = {
home = if pkgs.stdenv.isDarwin
then "/Users/${userName}"
else "/home/${userName}";
description = userName;
} // lib.optionalAttrs pkgs.stdenv.isLinux {
group = "${userName}";
isNormalUser = true;
};
users.groups.wyatt = {};
nix.settings.trusted-users = [userName];
# Don't forget to set a password with passwd! security = lib.optionalAttrs pkgs.stdenv.isLinux {
users.users."${userName}" = lib.mkMerge [ sudo.extraRules = [
{
home =
if pkgs.stdenv.isDarwin
then "/Users/${userName}"
else "/home/${userName}";
description = userName;
}
(lib.mkIf (pkgs.stdenv.isLinux) {
group = "${userName}";
isNormalUser = true;
})
];
security.sudo = {
extraRules = [
{ {
groups = [ "wheel" ]; groups = [ "wheel" ];
commands = [ commands = [
@@ -37,7 +30,9 @@
]; ];
}; };
users.groups.wyatt = {}; environment = lib.optionalAttrs pkgs.stdenv.isDarwin {
etc."sudoers.d/wheel-nopasswd".text = ''
nix.settings.trusted-users = [userName]; %wheel ALL=(ALL:ALL) NOPASSWD: SETENV: ALL
'';
};
} }
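Review bot: The Darwin branch at the end of this section writes `%wheel ALL=(ALL:ALL) NOPASSWD: SETENV: ALL` to `sudoers.d/wheel-nopasswd`, which gives every process running as a wheel member root without authentication and with a caller-supplied environment. The contents of the Linux rule's `commands` list fall between the two hunks, so whether that rule is equally broad cannot be seen here. Scope the drop-in to the commands that actually need it and drop `SETENV:`, for example `%wheel ALL=(root) NOPASSWD: <ABSOLUTE_COMMAND_PATH>` (placeholder), and put a comment above the `etc.` entry saying why the exemption exists. On a stock macOS install administrators are in `admin` rather than `wheel`, so confirm the rule matches the intended account. The drop-in also does not appear to consult the `needsPassword` option declared in another file of this commit; gating it with `lib.mkIf` on that option would keep both platforms under one switch.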


@@ -5,7 +5,7 @@
}: }:
with lib; { with lib; {
options = { options = {
security.sudo = { security.sudoers = {
needsPassword = mkOption { needsPassword = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;


@@ -8,7 +8,7 @@
with lib; let with lib; let
cfg = config.sound.hardware.focusrite; cfg = config.sound.hardware.focusrite;
in { in {
options.focusrite = { options.sound.hardware.focusrite = {
enable = mkEnableOption "Focusrite audio interface support"; enable = mkEnableOption "Focusrite audio interface support";
guiSupport = mkOption { guiSupport = mkOption {
type = types.bool; type = types.bool;