From c24e1ca432bc42028d355cbc34b62629fc58b400 Mon Sep 17 00:00:00 2001
From: Nathan McCarty
Date: Sun, 7 May 2023 02:16:31 -0400
Subject: [PATCH] Automount user tmpfs
---
 machines/tounge/configuration.nix | 1 +
 modules/linux/default.nix | 6 ++++++
 modules/linux/user.nix | 9 +++++++--
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/machines/tounge/configuration.nix b/machines/tounge/configuration.nix
index 273300a..cd7b63f 100644
--- a/machines/tounge/configuration.nix
+++ b/machines/tounge/configuration.nix
@@ -41,6 +41,7 @@
 };
 config = {
 setupGrub = false;
+ userUid = "1001";
 nix = {
 autoUpdate = true;
 autoGC = true;
diff --git a/modules/linux/default.nix b/modules/linux/default.nix
index 7326f33..88dc142 100644
--- a/modules/linux/default.nix
+++ b/modules/linux/default.nix
@@ -138,6 +138,12 @@ in {
 description = "Whether to install the 'nathan' user";
 type = lib.types.bool;
 };
+ homeTmpfs = mkEnableOptionT "~/.tmp as tmpfs";
+ userUid = mkOption {
+ default = "1000";
+ example = "1000";
+ description = "UID of the user";
+ };
 # Should we harden this system?
 # On by default
 harden = mkEnableOptionT "Apply system hardening";
diff --git a/modules/linux/user.nix b/modules/linux/user.nix
index 31f8b8d..3f9ac6d 100644
--- a/modules/linux/user.nix
+++ b/modules/linux/user.nix
@@ -19,8 +19,7 @@ in with lib; {
 };
 environment.shells = [ pkgs.fish ];
 users = {
- # If we install the user and the system is hardended, then disable mutable users
- mutableUsers = !(nc.installUser && nc.harden);
+ mutableUsers = !nc.installUser;
 # Configure our user, if enabled
 users."${nc.user}" = mkMerge [
 (mkIf nc.installUser {
@@ -65,5 +64,11 @@ in with lib; {
 (mkIf config.nathan.hardware.amdPassthrough {
 users.users."${nc.user}".extraGroups = [ "libvirtd" ];
 })
+ (mkIf (nc.homeTmpfs && nc.installUser) {
+ fileSystems."/home/${nc.user}/.tmp" = {
+ fsType = "tmpfs";
+ options = [ "mode=700" "uid=${nc.userUid}" "gid=100" ];
+ };
+ })
 ];
 }
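Review bot: In modules/linux/default.nix the new `userUid` option is declared without a `type`, and its value is later spliced unchecked into the tmpfs mount options as `uid=${nc.userUid}`. Constraining it, for example with `type = lib.types.strMatching "[0-9]+";`, would reject a stray comma or non-numeric value at evaluation time instead of producing a malformed or unintended mount option. Nothing visible in this patch ties the option to the account's real UID, so unless `users.users.<name>.uid` is set from it elsewhere, the `mode=700` mount can end up owned by a different UID than the user's; a description saying it must match would help. The enclosing options block starts and ends outside the hunk.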
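Review bot: The `mutableUsers` change in the first modules/linux/user.nix hunk drops the explanatory comment and is not mentioned in the commit subject, so the reason user management now becomes declarative on non-hardened hosts too is undocumented. With `!nc.installUser`, any machine that installs the user will presumably have imperatively set passwords and accounts reset on the next rebuild, which is worth stating next to the line. I would keep a comment such as `# Disable mutable users whenever we install the user, regardless of nc.harden`. The `users` attribute set continues outside the hunk.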
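Review bot: The tmpfs added in the last modules/linux/user.nix hunk is mounted with only `mode=700`, `uid=` and `gid=100`, so it has no size cap and still permits setuid binaries and device nodes. A user-writable tmpfs without `size=` falls back to the kernel default of half of RAM, which lets one account put real memory pressure on the host. I would write `options = [ "mode=700" "uid=${nc.userUid}" "gid=100" "nosuid" "nodev" "size=<SIZE_LIMIT>" ];`, with the limit chosen per machine. `gid=100` is also hard-coded; deriving it from the group's configured gid would keep it in step with the user definition. The enclosing list starts outside the hunk.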