forcing root user name

flake.nix

@@ -10,23 +10,84 @@
     _1password-shell-plugins.url = "github:1Password/shell-plugins";
   };
 
-  outputs = { nixpkgs, ... }@inputs:
+  outputs = { self, nixpkgs, ... }@inputs:
     let
       system = "x86_64-linux";
       pkgs = nixpkgs.legacyPackages.${system};
       lib = pkgs.lib;
+
+      userOptions = config: {
+        openssh.authorizedKeys.keyFiles = lib.optionals config.ssh [ ./personal_keys ];
+        extraGroups = lib.optionals config.root [ "wheel" ];
+        shell = lib.mkIf config.shell pkgs.zsh;
+      };
+
+      homeManagerModules = config: [
+        self.homeManagerModules.default {
+          user = config.user;
+          stateVersion = config.stateVersion;
+          profile = config.profile;
+          shell = config.shell;
+          ssh = config.ssh;
+          _1password = config._1password;
+        }
+      ] ++ config.extraImports;
+
     in
     {
       homeManagerModules.default = { ... }: {
         imports = [
-          ./options.nix
+          ./nixosModules/options.nix
           ./home.nix
-          ./git.nix
           inputs._1password-shell-plugins.hmModules.default
         ];
         nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
           "1password-cli"
         ];
+        
+        home.packages = with pkgs; [
+          (writeShellScriptBin "nhmu" ''
+            nix flake update --flake ~/.config/home-manager
+            nix run home-manager -- switch --flake ~/.config/home-manager
+          '')
+        ];
+      };
+
+      nixosModules.default = { config, ... }: {
+        imports = [
+          ./nixosModules/options.nix
+          ./nixosModules/scripts.nix
+          inputs.home-manager.nixosModules.default
+        ];
+        nix.settings.trusted-users = [ "root" "@wheel" ];
+        users.users.${config.user} = {
+          isNormalUser = true;
+        } // userOptions config;
+
+        users.users.root = lib.mkIf config.root (userOptions config);
+        security.sudo-rs = lib.mkIf config.root {
+          enable = true;
+          execWheelOnly = false;
+          wheelNeedsPassword = false;
+          extraConfig = "Defaults        timestamp_timeout=1440";
+        };
+
+        programs.zsh.enable = lib.mkIf config.shell true;
+
+        home-manager = {
+          useUserPackages = true;
+          extraSpecialArgs = { inherit inputs; };
+          users = {
+            ${config.user} = {
+              imports = homeManagerModules config;
+            };
+          } // lib.optionalAttrs config.root {
+            root = {
+              # home.stateVersion = config.stateVersion;
+              imports = homeManagerModules (config // { user = "root"; });
+            };
+          };
+        };
       };
     };
 }

home.nix

@@ -1,22 +1,17 @@
 { config, pkgs, lib, inputs, ... }:
 
 {
-  # imports = [
+  imports = [
+    ./homeManagerModules/git.nix
+    ./homeManagerModules/shell.nix
+    ./homeManagerModules/ssh.nix
     # inputs._1password-shell-plugins.hmModules.default
-  # ];
+  ];
   # Home Manager needs a bit of information about you and the paths it should
   # manage.
   home.username = config.user;
-  home.homeDirectory = "/home/${config.user}";
-
-  # This value determines the Home Manager release that your configuration is
-  # compatible with. This helps avoid breakage when a new Home Manager release
-  # introduces backwards incompatible changes.
-  #
-  # You should not change this value, even if you update Home Manager. If you do
-  # want to update the value, then make sure to first check the Home Manager
-  # release notes.
-  home.stateVersion = "25.05"; # Please read the comment before changing.
+  home.homeDirectory = lib.mkIf (config.user != "root") "/home/${config.user}";
+  home.stateVersion = config.stateVersion;
 
   # The home.packages option allows you to install Nix packages into your
   # environment.
@@ -27,19 +22,10 @@
     busybox
     gnugrep
     dig
-    eza
     gdu
     lazygit
     btop
     yazi
-    (writeShellScriptBin "nhmu" ''
-      nix flake update --flake ~/.config/home-manager
-      nix run home-manager -- switch --flake ~/.config/home-manager
-    '')
-    (writeShellScriptBin "test-hm" ''
-      echo "${config.profile}"
-    '')
-
     # # It is sometimes useful to fine-tune packages, for example, by applying
     # # overrides. You can do that directly here, just don't forget the
     # # parentheses. Maybe you want to install Nerd Fonts with a limited number of
@@ -47,21 +33,6 @@
     # (pkgs.nerdfonts.override { fonts = [ "FantasqueSansMono" ]; })
   ];
 
-  # Home Manager is pretty good at managing dotfiles. The primary way to manage
-  # plain files is through 'home.file'.
-  home.file = {
-    # # Building this configuration will create a copy of 'dotfiles/screenrc' in
-    # # the Nix store. Activating the configuration will then make '~/.screenrc' a
-    # # symlink to the Nix store copy.
-    # ".screenrc".source = dotfiles/screenrc;
-
-    # # You can also set the file content immediately.
-    # ".gradle/gradle.properties".text = ''
-    #   org.gradle.console=verbose
-    #   org.gradle.daemon.idletimeout=3600000
-    # '';
-  };
-
   # Home Manager can also manage your environment variables through
   # 'home.sessionVariables'. These will be explicitly sourced when using a
   # shell provided by Home Manager. If you don't want to manage your shell
@@ -85,54 +56,6 @@
   # Let Home Manager install and manage itself.
   programs.home-manager.enable = true;
 
-  programs.zsh = lib.mkIf config.shell {
-    enable = true;
-    enableCompletion = true;
-    autosuggestion.enable = true;
-    syntaxHighlighting.enable = true;
-    oh-my-zsh = {
-      enable = true;
-      theme = "risto";
-      plugins = [
-        "sudo"
-        "dotenv"
-        "git"
-        "ssh"
-        "ssh-agent"
-      ] ++ lib.optional config._1password "1password";
-    };
-    shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time";
-    # initContent = lib.mkIf config._1password '' 
-    #   source ${config.home.homeDirectory}/.config/op/plugins.sh
-    # '';
-  };
-
-  programs.ssh = lib.mkIf config.ssh {
-    enable = true;
-    extraConfig = ''
-      SetEnv TERM="xterm-256color"
-      ${lib.optionalString config._1password "IdentityAgent ~/.1password/agent.sock"}
-    '';
-    matchBlocks = lib.mkMerge [
-      (lib.mkIf (config.profile == "personal") {
-        "panoptes" = {
-          hostname = "192.168.1.107";
-          user = "panoptes";
-        };
-        "pve5070" = {
-          hostname = "192.168.1.130";
-          user = "root";
-        };
-      })
-      (lib.mkIf (config.profile == "work") {
-        "ubuntu-nvidia" = {
-          hostname = "10.118.46.120";
-          user = "john";
-        };
-      })
-    ];
-  };
-
   # https://developer.1password.com/docs/cli/shell-plugins/nix/
   programs._1password-shell-plugins = lib.mkIf config._1password {
     # enable 1Password shell plugins for bash, zsh, and fish shell

homeManagerModules/shell.nix

@@ -0,0 +1,44 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+  home.packages = with pkgs; [
+    eza
+    (writeShellScriptBin "test-pkgs" ''
+      echo "Hello from ~/.config/home-manager/home.nix!"
+    '')
+  ];
+  programs.zsh = lib.mkIf config.shell {
+    enable = true;
+    enableCompletion = true;
+    autosuggestion.enable = true;
+    # syntaxHighlighting.enable = true;
+    history = {
+      append = true;
+      ignoreAllDups = true;
+      ignorePatterns = [
+        "history"
+        "ls"
+        "eza"
+        "clear"
+      ];
+      save = 1000;
+      size = 1000;
+      share = true;
+    };
+    oh-my-zsh = {
+      enable = true;
+      # theme = "risto";
+      theme = "agnoster";
+      plugins = [
+        "sudo"
+        "dotenv"
+        "git"
+        "ssh"
+        "ssh-agent"
+      ] ++ lib.optional config._1password "1password";
+    };
+    shellAliases.ls = "${pkgs.eza}/bin/eza -lgos type --no-time";
+    initContent = lib.mkIf config._1password '' 
+      source ${config.home.homeDirectory}/.config/op/plugins.sh
+    '';
+  };
+}

homeManagerModules/ssh.nix

@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+{
+  programs.ssh = lib.mkIf config.ssh {
+    enable = true;
+    extraConfig = ''
+      SetEnv TERM="xterm-256color"
+      ${lib.optionalString config._1password "IdentityAgent ~/.1password/agent.sock"}
+    '';
+    matchBlocks = lib.mkMerge [
+      (lib.mkIf (config.profile == "personal") {
+        "panoptes" = {
+          hostname = "192.168.1.107";
+          user = "panoptes";
+        };
+        "pve5070" = {
+          hostname = "192.168.1.130";
+          user = "root";
+        };
+        "nix-test" = {
+          hostname = "192.168.1.36";
+          user = "john";
+        };
+      })
+      (lib.mkIf (config.profile == "work") {
+        "ubuntu-nvidia" = {
+          hostname = "10.118.46.120";
+          user = "john";
+        };
+      })
+    ];
+  };
+}

nixosModules/options.nix

@@ -0,0 +1,56 @@
+{ lib, ... }:
+
+{
+  options.user = lib.mkOption {
+    type = lib.types.str;
+    description = "The username for the Home Manager configuration.";
+  };
+
+  # This value determines the Home Manager release that your configuration is
+  # compatible with. This helps avoid breakage when a new Home Manager release
+  # introduces backwards incompatible changes.
+  #
+  # You should not change this value, even if you update Home Manager. If you do
+  # want to update the value, then make sure to first check the Home Manager
+  # release notes.
+  options.stateVersion = lib.mkOption {
+    type = lib.types.str;
+    description = "The state version when the configuration was initially created";
+  };
+
+  options.profile = lib.mkOption {
+    type = lib.types.enum [ "personal" "work" ];
+    default = "personal";
+    description = "Profile type for the Home Manager configuration.";
+  };
+
+  options.root = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = "Whether enable all the root user stuff";
+  };
+
+  options.shell = lib.mkOption {
+    type = lib.types.bool;
+    default = true;
+    description = "Whether to enable all the zsh stuff";
+  };
+
+  options.ssh = lib.mkOption {
+    type = lib.types.bool;
+    default = true;
+    description = "Whether to enable SSH configuration";
+  };
+
+  options._1password = lib.mkOption {
+    type = lib.types.bool;
+    default = false;
+    description = "Whether to enable 1 password stuff";
+  };
+
+  options.extraImports = lib.mkOption {
+    type = lib.types.listOf lib.types.anything;
+    default = [];
+    description = "Additional Home Manager modules to import";
+  };
+}

nixosModules/scripts.nix

@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+let
+  hostName = config.networking.hostName;
+in
+{
+  environment.systemPackages = with pkgs; [
+    (pkgs.writeShellScriptBin "nfs" ''
+        sudo nixos-rebuild switch --flake $(readlink -f /etc/nixos)#${hostName} --impure
+    '')
+    (pkgs.writeShellScriptBin "nfsu" ''
+        FLAKE=$(readlink -f /etc/nixos)
+        nix flake update --flake $FLAKE --impure
+        sudo nixos-rebuild switch --flake $FLAKE#${hostName} --impure
+    '')
+  ];
+}

options.nix

@@ -1,32 +0,0 @@
-{ lib, ... }:
-
-{
-  options.user = lib.mkOption {
-    type = lib.types.str;
-    description = "The username for the Home Manager configuration.";
-  };
-
-  options.profile = lib.mkOption {
-    type = lib.types.enum [ "personal" "work" ];
-    default = "personal";
-    description = "Profile type for the Home Manager configuration.";
-  };
-
-  options.shell = lib.mkOption {
-    type = lib.types.bool;
-    default = true;
-    description = "Whether to enable all the zsh stuff";
-  };
-
-  options.ssh = lib.mkOption {
-    type = lib.types.bool;
-    default = true;
-    description = "Whether to enable SSH configuration";
-  };
-
-  options._1password = lib.mkOption {
-    type = lib.types.bool;
-    default = false;
-    description = "Whether to enable 1 password stuff";
-  };
-}

personal_keys

@@ -0,0 +1,3 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIaHS9CLiDc6T1tja0fBwwv5qc6iwuckWN6w8MNo5yiR8LPWyrfueowNJkL4HMqu6OEuggtdybGw1Do4sW5o+toHCyWfZf3khI1l15opPXuVpD4CWED+SpJiZ0wBgRaCaWhfxLI+s4JOhjOO2OjiClPX3HfxIHyTpRiR78lOMcIieHSnzrAV2MatYKf6lL2ckOsIPwxo/OVM+1ljjX+HLq9IxGUCpWOnF4nF1rq3gKL2JUh2KsrgrzE3NB7EFuqKm8F0tF2rG3JjSvlwox0h06drKD02lpZWXPOBRlcyFDpNXymmc2bpG0S2Bbj5g+pqNBB0jO0h3kzWvYYqrtU/ElObg1cXhyi0PFOhhptlbhbK0Ao8B+pAbSZ661nMT3jpRWLVbnJrRFnXXdjX08r5eseQ3k4CFpv+g64n7yg3IMo9f8gA9P/hOexR+qu5AQ1Ad/tvkp6pPXnR/zsUnbe4p2A9MaNJm4E1zxbs5VGlXynNikXwDL+spkrnjwdfUULTk= john@JOHN-PC
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFn5ilhqaeDsOWSk7y29se2NvxGm8djlfL3RGLokj0q6 john@john-p14s
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHh9SBuxU2dOJHnpGZAE4cwe0fXcTBBAx+JmRsmIX+Tk8zooeM32vbNxxSXiZNpBGH5wzHNb534dWexGGG3sOaONmcL7SCoPIvaAdnIn5VsiznerLrzppSbx3Qn8eyF97WAGCcOcIUNmTIDDx1m6zG762WQnoaUEy0Ul5IR7ET5GQxP3p5Qwx8yqfixKDwarvV421sUIxYt9gee31jS9jcI3MFd6EL57hWle95Z8BGpR/Q7sXDBTZQWMZauh5NPwLMZS7k3bHgxXZ7WNOw/J/yts1ckBbvIFJSRNnMuWD0oGnDTL6aivGi+Eiswp0fpKzYGzquB3/wr3VU4G1JcMM5 JuiceSSH