Hi everyone,
I’m working on a NixOS configuration approach where I aim to unify all system and user options into a single custom module that would be configured for each host. My goal is to have a minimal configuration file per host that leverages this centralized custom module for most options.
For example, I want to write a configuration like this:
custom = {
system = {
host = "some-pc";
drive = "/dev/nvme1n1";
ssh = true;
};
users = {
user1 = {
name = "User One";
email = "user1@example.com";
passwordHash = "xxx";
sudo = true;
persist.data.folders = [
"dev"
"data"
"media"
"tmp"
];
virtualization.docker.enable = true;
};
user2 = {
name = "User Two";
email = "user2@example.com";
passwordHash = "xxx";
sudo = true;
persist.data.folders = [
"code"
"data"
"media"
"downloads"
];
virtualization.docker.enable = false;
}
};
};
In this setup, I want the system-wide Docker service to be enabled if any user has virtualization.docker.enable = true. like in this case, some user options have dependencies on system options. For example, enabling Docker for a user should automatically ensure that the system-wide Docker service is enabled.
I am using Home Manager modules and would like to unify all Nix options into my custom modules. This way, for every host, I only need to write a minimal configuration under custom.
Is there a way to achieve this with a NixOS module? How can I write a module that checks user configurations and enables system options based on these user-specific settings and their dependencies?
Any guidance, examples, or pointers would be greatly appreciated!
Thanks in advance for your help!
This is pretty similar to what I do in my config. I define a bunch of modules with settings under nixos.callan then within the modules enable the system/home-manager settings that I need. Then I have a per host config file that is mostly enabling the set of modules that is relevant for the host. Unfortunately I haven’t been great at keeping secrets out of the config so not ready to share the repo yet!
The most important thing I think is to embrace the options system. You don’t necessarily need to have well specified options for your custom modules but it does help.
For something like setting system wide options if a user has something enabled - just loop through the users and set the system wide option if a user needs it, this will be automatically merged. This will work fine for enabling docker, if the option needs to be combined in a weird way for multiple users you might have to do something more complicated though.
Other thing that helped in some cases is you can set home manager options from within a ‘system’ module. You don’t need to separate out all your home manager options into their own place in the config. Here’s an example setting ssh options in both home-manager and from the system for a single user:
{ lib, config, ... }:
with lib;
let
cfg = config.nixos.callan.ssh;
in
{
options.nixos.callan.ssh = {
enable = mkEnableOption "SSH";
};
config = mkIf cfg.enable
{
# Set some system wide options
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
users.users.callan = {
openssh.authorizedKeys.keys = "SOME KEY";
};
# Set some home manager options
home-manager.users.callan = {
programs.ssh.enable = true;
programs.ssh.extraConfig = ''
SomeHost
user callan
''
}
};
}
If you want a more complex example let me know - I can try cleaning up one of my other modules.
Thank you for the response!
Your approach sounds quite similar to what I aim to achieve. Iterating over the users to enable system-wide options based on their configuration is indeed a practical solution, and I’ll explore that further.
However, I still face a challenge when it comes to defining deeply nested options within my custom module. Specifically, I need to define options under custom.users.<user>.some.deep.nested.module in multiple files. These options are nested under custom.users that is defined as lib.types.attrsOf (lib.types.submodule { ... }).
I couldn’t figure out how Home Manager handles this. Could you or anyone else provide some guidance on this? Any examples or pointers would be greatly appreciated!
Ah yeah - I’ve avoided that by doing user specific config more like custom.some.module.<user> = {} rather than custom.users.<user>.some.module = {}.
From what I’ve read it should be possible to do it the way you want though - check out this thread for an example.
I’m unable to overcome a recursion error with the resulting code:
{ inputs, config, libutils, lib, ... }:
{
options = libutils.modules.mkOpts {
user.desktops.hyprhot.enable = lib.mkEnableOption "hyprhot";
};
config = libutils.modules.mkIfAnyUser config (_: user: user.desktops.hyprhot.enable) (
{
nix.settings = {
substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys = [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
};
} // libutils.modules.perUserHomeManager config (_: user: {
wayland.windowManager.hyprland = {
enable = true;
package = inputs.hyprland.packages.${config.opts.system.platform}.hyprland;
extraConfig = ''
...
'';
};
})
);
}
and libutils.modules =
{ lib, ... }:
let
anyMapAttrs = filter: attrs: lib.any (lib.mapAttrsToList (key: value: filter key value) attrs);
anyUser = config: filter: anyMapAttrs filter config.opts.users;
mkIfAnyUser = config: filter: content: lib.mkIf (anyUser config filter) (lib.mkMerge [content]);
perUser = config: function: lib.mkMerge (lib.mapAttrsToList function config.opts.users);
perUserHomeManager = config: function: perUser config (name: user: {
home-manager = {
users = {
${name} = function name user;
};
};
});
mkOpts = { system ? {}, user ? {} }: {
opts.system = (mkSystemOpts system);
opts.users = (mkUserOpts user);
};
mkUserOpts = options: {
users = lib.mkOption {
type = lib.types.attrsetOf (lib.types.submodule {
options = options;
});
default = {};
};
};
mkSystemOpts = options: {
system = lib.mkOption {
type = lib.types.submodule {
options = options;
};
default = {};
};
};
in
{
inherit mkIfAnyUser;
inherit mkOpts;
inherit perUser;
inherit perUserHomeManager;
}
I don’t understand how this in impossible but nixpkgs/nixos/modules/services/mail/postfix.nix at 1796324dc17f1302d2ced788384ce0d77a8b944d · NixOS/nixpkgs · GitHub works
Hmm it’s not obvious what the issue is to me from the snippets - could you share a minimal failing example in a repo?
Basically whenever I do
{ lib, config, ... }:
let
fun = config: lib.mapAttrsToList
(key: value: {
home-manager = {
users = {
${name} = function name user;
};
};
})
config.users
in
{
config = mkIf config.some.option.enable (fun config)
}
I have decided to define my options as a extra parameter, this makes my modules less flexible but i don’t have to worry about infinite recursion. Regardless I would still like to know why my previous approach didn’t work.
Again would help to have a repo with a complete example of minimal failing code. I don’t want to have to jump through hoops of scaffolding and getting incomplete code to run just to see the error.
looking over it again one thing you could try is (and anywhere else you do similar).
perUserHomeManager = config: function: perUser config (name: user: {
home-manager.users.${name} = function name user;
};
});
There was a good nix hour ep that described common causes of infinite recursion and I think that was one of them: https://www.youtube.com/watch?v=cZjOzOHb2ow
sorry for not providing a repo. I wasn’t able to reproduce the problem without copying large parts of the code. My solution was passing my options via special args. Not ideal mhhh. @cannedmoose thanks for your help 