+1

modules/den.nix

reviewed

··· 2 2 { 3 3 _module.args.__findFile = den.lib.__findFile; 4 4 den.ctx.user.includes = [ den._.mutual-provider ]; 5 5 + flake.den = den; 5 6 imports = [ 6 7 inputs.den.flakeModule 7 8 (inputs.den.namespace "styx" true)

+13 -12

modules/groups.nix

reviewed

··· 1 1 - { den, lib, ... }: 2 2 - let 3 3 - groupsModule = groups: user: { 4 4 - nixos.users.users.${user.userName}.extraGroups = lib.flatten [ groups ]; 5 5 - }; 6 6 - in 1 1 + { styx, den, ... }: 7 2 { 8 8 - styx.groups = 9 9 - groups: 10 10 - den.lib.parametric { 11 11 - includes = [ 12 12 - ({ user, ... }: groupsModule groups user) 13 13 - ]; 3 3 + styx.batteries._.privileged-user = 4 4 + { user, ... }: 5 5 + { 6 6 + nixos = 7 7 + { lib, config, ... }: 8 8 + { 9 9 + config.users.users.${user.userName}.extraGroups = config.users.privilegedGroups; 10 10 + options.users.privilegedGroups = lib.mkOption { 11 11 + type = lib.types.listOf lib.types.str; 12 12 + default = [ ]; 13 13 + }; 14 14 + }; 14 15 }; 15 16 }

+1

modules/quasi.nix

reviewed

··· 3 3 den.aspects.quasi = { 4 4 includes = [ 5 5 <den/primary-user> 6 6 + <styx/batteries/privileged-user> 6 7 <styx/helix/with-tools> 7 8 <styx/nushell> 8 9 <styx/shell>

+2 -1

modules/virtualisation.nix

reviewed

··· 2 2 { 3 3 styx.virt.provides = { 4 4 qemu = { 5 5 - includes = [ (styx.groups "kvm") ]; 6 5 nixos = 7 6 { pkgs, ... }: 8 7 { 9 8 boot.kernelParams = [ "amd_iommu=on" ]; 9 9 + users.privilegedGroups = [ "kvm" ]; 10 10 networking.firewall.trustedInterfaces = [ "virbr0" ]; 11 11 programs.virt-manager.enable = true; 12 12 environment.systemPackages = with pkgs; [ ··· 23 23 waydroid.nixos.virtualisation.waydroid.enable = true; 24 24 docker.nixos = { 25 25 virtualisation.docker.enable = true; 26 26 + users.privilegedGroups = [ "docker" ]; 26 27 networking.firewall.trustedInterfaces = [ "docker0" ]; 27 28 }; 28 29 podman.nixos = {