diff --git a/externals/home-manager b/externals/home-manager
index cbf0667..6aa6556 160000
--- a/externals/home-manager
+++ b/externals/home-manager
@@ -1 +1 @@
-Subproject commit cbf0667037e6ca16fcc38818b2aa1391de702c6a
+Subproject commit 6aa6556bcab6dc0f6398b4daa8404d788fd7a6a2
diff --git a/sets/builder.nix b/sets/builder.nix
index 5d201d8..9fae65a 100644
--- a/sets/builder.nix
+++ b/sets/builder.nix
@@ -3,7 +3,7 @@
 {
 nix.trustedUsers = [ "build" ];
 users.users.build = {
- isNormalUser = false;
+ isSystemUser = true;
 home = "/home/build";
 createHome = true;
 useDefaultShell = true;
diff --git a/sets/virtualization.nix b/sets/virtualization.nix
index 0d1451c..47b1b33 100644
--- a/sets/virtualization.nix
+++ b/sets/virtualization.nix
@@ -27,6 +27,7 @@
 users.users = {
 artemis.extraGroups = [ "docker" "lxd" "libvirtd" ];
 lxd = {
+ isSystemUser = true;
 subUidRanges = [{ startUid = 16777216; count = 16777216; } { startUid = config.users.users.artemis.uid; count = 1; }];
 subGidRanges = [{ startGid = 16777216; count = 16777216; } { startGid = 100; count = 1; } { startGid = config.users.groups.artemis.gid; count = 1; }];
 };
diff --git a/system/starlight/boot-config.nix b/system/starlight/boot-config.nix
index c9b4216..cff07c0 100644
--- a/system/starlight/boot-config.nix
+++ b/system/starlight/boot-config.nix
@@ -1,7 +1,6 @@ { config, pkgs, ... }: let net_opts = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=60" "x-systemd.device-timeout=5s" "x-systemd.mount-timeout=5s" ]; - luna_opts = net_opts ++ [ "uid=${builtins.toString config.users.users.artemis.uid}" "gid=100" "credentials=/var/private/luna_creds" ]; in { imports = [ ../../externals/systemd-boot-secure ];
diff --git a/system/starlight/default.nix b/system/starlight/default.nix
index 5dc6798..02692c6 100644
--- a/system/starlight/default.nix
+++ b/system/starlight/default.nix
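Review bot: In sets/builder.nix the `build` account stays in `nix.trustedUsers` while the context lines keep a home under /home and `useDefaultShell = true`, and nothing records that a trusted Nix user is close to root-equivalent on the daemon. A comment above the declaration such as `# build is in nix.trustedUsers (near-root on the Nix daemon); keep this account limited to build jobs` would make that visible, and it is worth checking whether a login shell is still required. None of the accounts this commit marks `isSystemUser = true` (`build` here, `lxd` in sets/virtualization.nix, `skye` in system/starlight/default.nix) has a visible `group`; newer NixOS releases reject that and older ones fall back to a shared `nogroup`, so consider `group = "build";` with `users.groups.build = {};`. The `users.users.build` attribute set continues past the end of the hunk, so settings further down are not visible here.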
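Review bot: In sets/virtualization.nix the `lxd` entry gains `isSystemUser = true` but still carries no comment on its subordinate id ranges, which are the security-relevant part of the declaration. Besides the 16777216-wide block, the context lines delegate the single host ids `config.users.users.artemis.uid`, gid 100 and `config.users.groups.artemis.gid`, which presumably lets a container id map land directly on that host user's files. A comment such as `# single-id ranges let containers map onto artemis's uid/gid for shared directories` would make that intent reviewable. The surrounding `users.users` attribute set starts above the hunk and is not closed inside it.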
@@ -52,6 +52,13 @@ fileSystems = [ "/" "/media/data" "/media/archive" ]; }; + # Skye user for luna + users.users.skye = { + isSystemUser = true; + uid = 1001; + extraGroups = [ "users" ]; + }; + # Packages services.tor = { enable = true;
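Review bot: The new `skye` account in system/starlight/default.nix is declared `isSystemUser = true` yet pinned to `uid = 1001`, a value in the range normally given to regular users, and the comment `# Skye user for luna` does not explain why. If the uid is fixed to match file ownership on the luna share, say so, for example `# skye: service account for luna, uid pinned to match ownership on the share`; otherwise a uid below 1000 or an automatically allocated one avoids the account being treated as a regular user by tools that key on the uid range. Membership in `users` through `extraGroups` gives it the same group access as interactive accounts, so confirm that is intended. The enclosing attribute set starts and ends outside the hunk.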