Got local packages working again

config/hardware/spark.nix

@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  system.stateVersion = "20.03";
+
+  boot = {
+    loader = {
+      systemd-boot.enable = true;
+      efi.canTouchEfiVariables = true;
+    };
+    initrd = {
+      availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "rtsx_usb_sdmmc" ];
+      kernelModules = [ ];
+    };
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+  };
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/nixos";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-label/BOOT";
+      fsType = "vfat";
+    };
+
+  hardware = {
+    bluetooth.enable = true;
+
+    cpu.intel.updateMicrocode = true;
+
+    opengl = {
+      driSupport = true;
+      driSupport32Bit = true;
+    };
+
+    pulseaudio.support32Bit = true;
+  };
+
+  networking = {
+    macvlans = {
+      extif0 = {
+        interface = "enp3s0";
+        mode = "bridge";
+      };
+    };
+
+    interfaces = {
+      enp3s0 = {
+        useDHCP = false;
+      };
+      
+      extif0 = {
+        # output of: echo spark-extif0|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
+        macAddress = "02:9c:b7:b6:ad:c4";
+      };
+    };
+  };
+
+  services.xserver.videoDrivers = [ "intel" ];
+  nix.maxJobs = lib.mkDefault 4;
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+}

config/hosts.nix

@@ -130,7 +130,12 @@
 
     pselby-work = { description = "Google Lenovo work laptop."; };
 
-    spark = { description = "Niten's backup desktop."; };
+    spark = {
+      description = "Niten's backup desktop.";
+      rp = "niten";
+      admin-email = "niten@fudo.org";
+      enable-gui = true;
+    };
 
     upstairs-desktop = {
       description = "Upstairs desktop in Russell.";
@@ -144,12 +149,13 @@
       ];
       rp = "niten";
       admin-email = "niten@fudo.org";
-      domain = "rus.selby.ca";
-      site = "russell";
-      profile = "desktop";
     };
 
-    zbox = { description = "Niten's primary desktop.";
-           enable-gui = true;};
+    zbox = {
+      description = "Niten's primary desktop.";
+      rp = "niten";
+      admin-email = "niten@fudo.org";
+      enable-gui = true;
+    };
   };
 }

config/hosts/spark.nix

@@ -0,0 +1,16 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # TODO: remove?
+  nixpkgs.config.permittedInsecurePackages = [
+    "openssh-with-gssapi-8.4p1" # CVE-2021-28041
+  ];
+
+  fudo.slynk.enable = true;
+
+  networking = {
+    interfaces = {
+      extif0 = { useDHCP = true; };
+    };
+  };
+}

config/profiles/common-ui.nix

@@ -12,30 +12,36 @@ in {
 
   boot.tmpOnTmpfs = true;
 
-  system.autoUpgrade.enable = true;
+  environment = mkIf enable-gui {
+    systemPackages = [
+      #libva
+    ];
+  };
 
-  environment.systemPackages = with pkgs; [
-    firefox
-    spotify
-  ];
+  system = {
+    autoUpgrade.enable = true;
+  };
 
   services = {
     xserver = mkIf enable-gui {
-    enable = true;
+      enable = true;
 
-    desktopManager.gnome3.enable = true;
+      desktopManager.gnome3.enable = true;
 
-    displayManager.gdm.enable = true;
+      displayManager.gdm = {
+        enable = true;
+        wayland = true;
+      };
 
-    windowManager.stumpwm.enable = true;
+      windowManager.stumpwm.enable = true;
 
-    # windowManager.session = pkgs.lib.singleton {
-    #   name = "stumpwm";
-    #   start = ''
-    #     ${pkgs.lispPackages.stumpwm}/bin/stumpwm &
-    #     waidPID=$!
-    #   '';
-    # };
+      # windowManager.session = pkgs.lib.singleton {
+      #   name = "stumpwm";
+      #   start = ''
+      #     ${pkgs.lispPackages.stumpwm}/bin/stumpwm &
+      #     waidPID=$!
+      #   '';
+      # };
     };
 
     emacs = {
@@ -44,6 +50,17 @@ in {
       package = pkgs.emacs;
       defaultEditor = true;
     };
+
+    trezord.enable = true;
+  };
+
+  hardware = {
+    bluetooth.enable = true;
+
+    opengl = mkIf enable-gui {
+      driSupport = true;
+      driSupport32Bit = true;
+    };
   };
 
   sound.enable = true;

home-manager/niten.nix

@@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
 
+with lib;
 let
   name = "Niten";
   email = "niten@fudo.org";
@@ -19,6 +20,7 @@ let
     file
     firefox
     fortune
+    git
     gnupg
     guile
     imagemagick

lib/fudo/users-common.nix

@@ -0,0 +1,34 @@
+# Common home-manager config
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  sys = import ../system.nix { inherit lib config; };
+
+  list-contains = lst: item: any (i: i == item) lst;
+
+  domain-realm = domain: domainOpts: domainOpts.gssapi-realm;
+
+  user-realms = username:
+    mapAttrsToList domain-realm
+      (filterAttrs (domain: domainOpts: list-contains domainOpts.local-users username)
+        config.fudo.domains);
+
+  user-principals = username:
+    map (realm: "${username}@${realm}") (user-realms username);
+
+  user-k5login = username: userOpts: let
+    principals = userOpts.k5login ++ (user-principals username);
+  in ''
+    ${concatStringsSep "\n" principals}
+  '';
+
+  user-config = username: userOpts: {
+    home.file.".k5login" = {
+      source = pkgs.writeText "${username}-k5login" (user-k5login username userOpts);
+    };
+  };
+  
+in {
+  config.home-manager.users = mapAttrs user-config sys.local-users;
+}

lib/fudo/users.nix

@@ -150,28 +150,13 @@ in {
     };
   };
 
+  imports = [
+    ./users-common.nix
+  ];
+
   config = let
-    local-host = config.instance.hostname;
-    local-domain = config.fudo.hosts.${local-host}.domain;
-    local-site = config.fudo.hosts.${local-host}.site;
-
-    host-user-list = config.fudo.hosts."${local-host}".local-users;
-    domain-user-list = config.fudo.domains."${local-domain}".local-users;
-    local-users =
-      getAttrs (host-user-list ++ domain-user-list) config.fudo.users;
-
-    host-admin-list = config.fudo.hosts."${local-host}".local-admins;
-    domain-admin-list = config.fudo.domains."${local-domain}".local-admins;
-    site-admin-list = config.fudo.sites."${local-site}".local-admins;
-    local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list;
-
-    host-group-list = config.fudo.hosts."${local-host}".local-groups;
-    domain-group-list = config.fudo.domains."${local-domain}".local-groups;
-    site-group-list = config.fudo.sites."${local-site}".local-groups;
-    local-groups =
-      getAttrs (host-group-list ++ domain-group-list ++ site-group-list)
-      config.fudo.groups;
-
+    sys = import ../system.nix { inherit lib config; };
+    
   in {
     fudo.auth.ldap-server = let
       ldapUsers = (filterAttrs
@@ -211,29 +196,39 @@ in {
           "/home/${userOpts.primary-group}/${username}";
         hashedPassword = userOpts.login-hashed-passwd;
         openssh.authorizedKeys.keys = userOpts.ssh-authorized-keys;
-      }) local-users;
+      }) sys.local-users;
 
       groups = (mapAttrs (groupname: groupOpts: {
         gid = groupOpts.gid;
-        members = filterExistingUsers local-users groupOpts.members;
-      }) local-groups) // {
-        wheel = { members = local-admins; };
+        members = filterExistingUsers sys.local-users groupOpts.members;
+      }) sys.local-groups) // {
+        wheel = { members = sys.local-admins; };
       };
     };
 
-    home-manager.users = let
-      home-manager-users =
-        filterAttrs (username: userOpts: userOpts.home-manager-config != null)
-        local-users;
-      common-user-config = username: {
-        home.file.".k5login" = {
-          source = pkgs.writeText "${username}-k5login" ''
-            ${concatStringsSep "\n" config.fudo.users.${username}.k5login}
-          '';
-        };
-      };
-    in mapAttrs (username: userOpts:
-      userOpts.home-manager-config // (common-user-config username))
-    home-manager-users;
+    home-manager = {
+      useGlobalPkgs = true;
+
+      users = let
+        home-manager-users =
+          filterAttrs (username: userOpts: userOpts.home-manager-config != null)
+            sys.local-users;
+      in mapAttrs (username: userOpts: userOpts.home-manager-config) home-manager-users;
+      
+      # users = let
+      #   home-manager-users =
+      #     filterAttrs (username: userOpts: userOpts.home-manager-config != null)
+      #       local-users;
+      #   common-user-config = username: {
+      #     home.file.".k5login" = {
+      #       source = pkgs.writeText "${username}-k5login" ''
+      #       ${concatStringsSep "\n" config.fudo.users.${username}.k5login}
+      #     '';
+      #     };
+      #   };
+      # in mapAttrs (username: userOpts:
+      #   userOpts.home-manager-config // (common-user-config username))
+      #   home-manager-users;
+    };
   };
 }

lib/system.nix

@@ -0,0 +1,31 @@
+{ config, lib, ... }:
+
+with lib;
+let
+  local-host = config.instance.hostname;
+  local-domain = config.fudo.hosts.${local-host}.domain;
+  local-site = config.fudo.hosts.${local-host}.site;
+
+  host-user-list = config.fudo.hosts."${local-host}".local-users;
+  domain-user-list = config.fudo.domains."${local-domain}".local-users;
+  site-user-list = config.fudo.sites."${local-site}".local-users;
+  local-users =
+    getAttrs (host-user-list ++ domain-user-list ++ site-user-list) config.fudo.users;
+
+  host-admin-list = config.fudo.hosts."${local-host}".local-admins;
+  domain-admin-list = config.fudo.domains."${local-domain}".local-admins;
+  site-admin-list = config.fudo.sites."${local-site}".local-admins;
+  local-admins = host-admin-list ++ domain-admin-list ++ site-admin-list;
+
+  host-group-list = config.fudo.hosts."${local-host}".local-groups;
+  domain-group-list = config.fudo.domains."${local-domain}".local-groups;
+  site-group-list = config.fudo.sites."${local-site}".local-groups;
+  local-groups =
+    getAttrs (host-group-list ++ domain-group-list ++ site-group-list)
+      config.fudo.groups;
+
+in {
+  local-users = local-users;
+  local-admins = local-admins;
+  local-groups = local-groups;
+}