feat: build a much more minimal config for installing

2025-10-11 07:10:39 +02:00 · 2023-09-26 21:43:23 +02:00 · 2023-09-26 21:43:23 +02:00 · 73d7a42879
commit 73d7a42879
parent 73897f648d
11 changed files with 136 additions and 113 deletions
--- a/users/myuser/default.nix
+++ b/users/myuser/default.nix
@ -1,54 +1,57 @@
 {
  config,
+  lib,
  pkgs,
+  minimal,
  ...
 }: let
  myuser = config.repo.secrets.global.myuser.name;
-in {
-  users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
-  users.users.${myuser} = {
-    uid = 1000;
-    inherit (config.repo.secrets.global.myuser) hashedPassword;
-    createHome = true;
-    group = myuser;
-    extraGroups = ["wheel" "input" "video"];
-    isNormalUser = true;
-    autoSubUidGidRange = false;
-    shell = pkgs.zsh;
-  };
-
-  repo.secretFiles.user-myuser = ./secrets/user.nix.age;
-
-  age.secrets.my-gpg-pubkey-yubikey = {
-    rekeyFile = ./secrets/yubikey.gpg.age;
-    group = myuser;
-    mode = "640";
-  };
-
-  age.secrets.mailpw-206fd3b8 = {
-    rekeyFile = ./secrets/mailpw-206fd3b8.age;
-    group = myuser;
-    mode = "640";
-  };
-
-  home-manager.users.${myuser} = {
-    imports = [
-      ../modules
-      ./dev
-      ./graphical
-      ./neovim
-
-      ./git.nix
-      ./gpg.nix
-      ./ssh.nix
-    ];
-
-    # Remove dependence on username (which also comes from these secrets) to
-    # avoid triggering infinite recursion.
-    userSecretsName = "user-myuser";
-    home = {
-      inherit (config.users.users.${myuser}) uid;
-      username = config.users.users.${myuser}.name;
+in
+  lib.optionalAttrs (!minimal) {
+    users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
+    users.users.${myuser} = {
+      uid = 1000;
+      inherit (config.repo.secrets.global.myuser) hashedPassword;
+      createHome = true;
+      group = myuser;
+      extraGroups = ["wheel" "input" "video"];
+      isNormalUser = true;
+      autoSubUidGidRange = false;
+      shell = pkgs.zsh;
    };
-  };
-}
+
+    repo.secretFiles.user-myuser = ./secrets/user.nix.age;
+
+    age.secrets.my-gpg-pubkey-yubikey = {
+      rekeyFile = ./secrets/yubikey.gpg.age;
+      group = myuser;
+      mode = "640";
+    };
+
+    age.secrets.mailpw-206fd3b8 = {
+      rekeyFile = ./secrets/mailpw-206fd3b8.age;
+      group = myuser;
+      mode = "640";
+    };
+
+    home-manager.users.${myuser} = {
+      imports = [
+        ../modules
+        ./dev
+        ./graphical
+        ./neovim
+
+        ./git.nix
+        ./gpg.nix
+        ./ssh.nix
+      ];
+
+      # Remove dependence on username (which also comes from these secrets) to
+      # avoid triggering infinite recursion.
+      userSecretsName = "user-myuser";
+      home = {
+        inherit (config.users.users.${myuser}) uid;
+        username = config.users.users.${myuser}.name;
+      };
+    };
+  }
--- a/users/myuser/graphical/default.nix
+++ b/users/myuser/graphical/default.nix
@ -37,6 +37,9 @@
      zathura
    ];

+    # TODO audible bell in qt pinentry drives me nuts
+    # TODO secureboot -> use pam yubikey login
+    # TODO keyboard stays lit on poweroff -> add systemd service to disable it on shutdown
    # TODO on neogit close do neotree update
    # TODO kitty terminfo missing with ssh root@localhost
    # TODO nix repl cltr+del doesnt work