mob next [ci-skip] [ci skip] [skip ci]

lastFile:modules/clan/home-profiles/flake-module.nix
2026-01-14 14:01:33 +07:00
parent b2f3a18b21
commit ccd087b00b
9 changed files with 103 additions and 2 deletions
--- a/modules/clan/home-profiles/flake-module.nix
+++ b/modules/clan/home-profiles/flake-module.nix
@@ -1,6 +1,6 @@
 { lib, ... }:
 {
  clan.modules = {
-    commonUser = lib.modules.importApply ./common-user { };
+    home-user = lib.modules.importApply ./home-user { };
  };
 }
--- a/modules/clan/home-profiles/common-user/default.nix
+++ b/modules/clan/home-profiles/common-user/default.nix
--- a/modules/clan/home-profiles/common-user/home.nix
+++ b/modules/clan/home-profiles/common-user/home.nix
--- a/modules/clan/personal-computer/automatic-timezone.nix
+++ b/modules/clan/personal-computer/automatic-timezone.nix
@@ -0,0 +1,8 @@
+{ lib, ... }:
+{
+  services.automatic-timezoned.enable = true;
+  services.geoclue2 = {
+    enableDemoAgent = lib.mkForce true;
+    geoProviderUrl = "https://beacondb.net/v1/geolocate";
+  };
+}
--- a/modules/clan/personal-computer/default.nix
+++ b/modules/clan/personal-computer/default.nix
@@ -0,0 +1,21 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "personal-computer";
+  manifest.description = "A service for configuring personal computer such as printing, automatic-timezone, etc.";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+    perInstance =
+      { ... }:
+      {
+        nixosModule =
+          { inputs, lib, ... }:
+          {
+            imports = [
+              (inputs.import-tree.initFilter (p: !lib.hasSuffix "default.nix" p) ./.)
+            ];
+          };
+      };
+  };
+}
--- a/modules/clan/personal-computer/flake-module.nix
+++ b/modules/clan/personal-computer/flake-module.nix
@@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+  clan.modules = {
+    personal-computer = lib.modules.importApply ./default.nix { };
+  };
+}
--- a/modules/clan/personal-computer/mutable-user.nix
+++ b/modules/clan/personal-computer/mutable-user.nix
@@ -0,0 +1,4 @@
+{ lib, ... }:
+{
+  users.mutableUsers = lib.mkForce true;
+}
--- a/modules/clan/personal-computer/printing.nix
+++ b/modules/clan/personal-computer/printing.nix
@@ -0,0 +1,62 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
+  allowManageGroups = [
+    "root"
+    "wheel"
+    "lpadmin"
+  ];
+  polkitAllowGroups = builtins.concatStringsSep "||" (
+    builtins.map (group: ''subject.isInGroup("${group}")'') allowManageGroups
+  );
+
+  printerMember = lib.map (user: user.name) (
+    lib.attrsets.attrsToList (
+      lib.attrsets.filterAttrs (name: value: value.isNormalUser) config.users.users
+    )
+  );
+
+in
+{
+  services.printing = {
+    enable = true;
+    drivers = [
+      pkgs.brlaser
+      pkgs.gutenprint
+    ];
+
+    extraFilesConf = ''
+      SystemGroup ${builtins.concatStringsSep " " allowManageGroups}
+    '';
+  };
+
+  security.polkit = {
+    enable = true;
+
+    extraConfig = ''
+      polkit.addRule(function(action, subject) {
+        var actionMatchs = (
+          action.id.indexOf('org.opensuse.cupspkhelper.mechanism.') === 0
+        );
+        if (actionMatchs) {
+          if (${polkitAllowGroups}) {
+            return polkit.Result.YES
+          }
+        }
+      });
+    '';
+  };
+
+  hardware.sane = {
+    enable = true;
+  };
+
+  users.groups.lpadmin.members = printerMember;
+  users.groups.lp.members = printerMember;
+  users.groups.scanner.members = printerMember;
+
+}