feat(users): add FGD to our users, allowing access to buildiso (and e…

…xa -> eza)

devshell/flake-module.nix

@@ -83,7 +83,7 @@
           }
           {
             name = "buildiso-remote";
-            help = "Spawn a buildiso shell on the iso-runner builder";
+            help = "Spawns a buildiso shell on the iso-runner builder";
             category = "infra-nix";
             command = ''
               # We are assuming the NixOS user is named the same as the one using it

flake.nix

@@ -8,6 +8,7 @@
     # Devshell to set up a development environment
     devshell.url = "github:numtide/devshell";
     devshell.inputs.nixpkgs.follows = "nixpkgs";
+    devshell.inputs.systems.follows = "systems";
 
     # Used by multiple flakes, have them use the same version
     flake-compat.url = "github:edolstra/flake-compat";
@@ -17,12 +18,21 @@
     flake-parts.url = "github:hercules-ci/flake-parts";
     flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
 
+    # Required by pre-commit-hooks
+    flake-utils.url = "github:numtide/flake-utils";
+    flake-utils.inputs.systems.follows = "systems";
+
+    # Gitignore common input
+    gitignore.url = "github:hercules-ci/gitignore.nix";
+    gitignore.inputs.nixpkgs.follows = "nixpkgs";
+
     # Home-manager for dotfile management
     home-manager.url = "github:nix-community/home-manager";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
     # The single source of truth
     nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05";
 
     # Our mailserver
     nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
@@ -38,14 +48,19 @@
     # Pre-commit hooks via nix-shell or nix develop
     pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
     pre-commit-hooks.inputs.flake-compat.follows = "flake-compat";
+    pre-commit-hooks.inputs.flake-utils.follows = "flake-utils";
+    pre-commit-hooks.inputs.gitignore.follows = "gitignore";
     pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
+    pre-commit-hooks.inputs.nixpkgs-stable.follows = "nixpkgs-stable";
 
     # SSH keys of maintainers
     keys_nico.url = "https://github.com/dr460nf1r3.keys";
     keys_nico.flake = false;
     keys_tne.url = "https://github.com/justtne.keys";
     keys_tne.flake = false;
-    keys_technetium1.url = "https://github.com/Technetium1.keys";
+    keys_frank.url = "https://github.com/fgd-garuda.keys";
+    keys_frank.flake = false;
+    keys_technetium1.url = "https://github.com/technetium1.keys";
     keys_technetium1.flake = false;
     keys_alexjp.url = "https://github.com/alexjp.keys";
     keys_alexjp.flake = false;
@@ -67,6 +82,9 @@
     src-garuda-website.flake = false;
     src-cloudflare-ipv4.url = "https://www.cloudflare.com/ips-v4";
     src-cloudflare-ipv4.flake = false;
+
+    # Common input
+    systems.url = "github:nix-systems/default";
   };
 
   outputs =
@@ -88,9 +106,7 @@
 
         perSystem = { pkgs, system, ... }: {
           # Enter devshell via "nix run .#apps.x86_64-linux.devshell"
-          apps = {
-            devshell = self.outputs.devShells.${system}.default.flakeApp;
-          };
+          apps.devshell = self.outputs.devShells.${system}.default.flakeApp;
 
           # Run nixpkgs-fmt via "nix fmt"
           formatter = pkgs.nixpkgs-fmt;

home-manager/alexjp.nix

@@ -18,10 +18,6 @@
       enable = true;
       config.theme = "GitHub";
     };
-    exa = {
-      enable = true;
-      enableAliases = true;
-    };
     fish.enable = true;
     git = {
       enable = true;

home-manager/nico.nix

@@ -26,10 +26,6 @@
         theme_background = false;
       };
     };
-    exa = {
-      enable = true;
-      enableAliases = true;
-    };
     fish = {
       enable = true;
     };

nixos/flake-module.nix

@@ -37,6 +37,7 @@ let
     };
     keys = {
       alexjp = inputs.keys_alexjp;
+      frank = inputs.keys_frank;
       nico = inputs.keys_nico;
       pedrohlc = inputs.keys_pedrohlc;
       technetium1 = inputs.keys_technetium1;

nixos/hosts/iso-runner.nix

@@ -12,5 +12,15 @@
     rsyncd.enable = lib.mkForce false;
   };
 
+  # Let maintainers use buildiso (which is a wrapper around the Docker container)
+  # without having to enter a password - our devshell should work just like that
+  security.sudo.extraRules = [{
+    users = [ "frank" ];
+    commands = [{
+      command = "/run/current-system/sw/bin/buildiso";
+      options = [ "NOPASSWD" ];
+    }];
+  }];
+
   system.stateVersion = "23.05";
 }

nixos/modules/common.nix

@@ -54,7 +54,7 @@
     "egrep" = "egrep --color=auto";
     "fgrep" = "fgrep --color=auto";
     "ip" = "ip --color=auto";
-    "ls" = "exa -al --color=always --group-directories-first --icons";
+    "ls" = "eza -al --color=always --group-directories-first --icons";
     "micro" = "micro -colorscheme geany -autosu true -mkparents true";
     "psmem" = "ps auxf | sort -nr -k 4";
     "psmem10" = "ps auxf | sort -nr -k 4 | head -1";
@@ -79,7 +79,7 @@
       "egrep" = "egrep --color=auto";
       "fgrep" = "fgrep --color=auto";
       "ip" = "ip --color=auto";
-      "ls" = "exa -al --color=always --group-directories-first --icons";
+      "ls" = "eza -al --color=always --group-directories-first --icons";
       "micro" = "micro -colorscheme geany -autosu true -mkparents true";
       "psmem" = "ps auxf | sort -nr -k 4";
       "psmem10" = "ps auxf | sort -nr -k 4 | head -1";
@@ -140,7 +140,7 @@
     systemPackages = with pkgs; [
       btop
       cachix
-      exa
+      eza
       fancy-motd
       fishPlugins.autopair
       fishPlugins.puffer