refactor: centralize user UID/GID/home as _internal options

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

modules/assertions.nix

@@ -21,8 +21,8 @@ let
   getEffectiveInterfaces = helpers.getEffectiveInterfaces cfg._internal.netvmInjections;
 
   # User UID/GID for shared directory assertions
-  userUid = config.users.users.${cfg.user}.uid;
-  userGid = config.users.groups.${config.users.users.${cfg.user}.group}.gid;
+  userUid = cfg._internal.userUid;
+  userGid = cfg._internal.userGid;
 
   # Normalize all isolated devices
   normalizedIsolatedDevices = map helpers.normalizeBdf cfg.isolatedPciDevices;

modules/default.nix

@@ -6,6 +6,9 @@
   ...
 }:
 
+let
+  cfg = config.programs.vmsilo;
+in
 {
   imports = [
     ./options.nix
@@ -20,4 +23,12 @@
     ./overlay.nix
     ./package.nix
   ];
+
+  config = lib.mkIf cfg.enable {
+    programs.vmsilo._internal = {
+      userUid = config.users.users.${cfg.user}.uid;
+      userGid = config.users.groups.${config.users.users.${cfg.user}.group}.gid;
+      userHome = config.users.users.${cfg.user}.home;
+    };
+  };
 }

modules/lib/vm-config.nix

@@ -28,8 +28,8 @@ let
 
   getEffectiveGuestConfig = vm: cfg._internal.netvmInjections.${vm.name}.guestConfig or [ ];
 
-  userUid = config.users.users.${cfg.user}.uid;
-  userGid = config.users.groups.${config.users.users.${cfg.user}.group}.gid;
+  userUid = cfg._internal.userUid;
+  userGid = cfg._internal.userGid;
 
   # Build rootfs for a VM
   buildRootfs =

modules/options.nix

@@ -1126,6 +1126,24 @@ in
         internal = true;
       };
 
+      userUid = lib.mkOption {
+        type = lib.types.int;
+        description = "UID of the configured vmsilo user.";
+        internal = true;
+      };
+
+      userGid = lib.mkOption {
+        type = lib.types.int;
+        description = "GID of the configured vmsilo user's primary group.";
+        internal = true;
+      };
+
+      userHome = lib.mkOption {
+        type = lib.types.str;
+        description = "Home directory of the configured vmsilo user.";
+        internal = true;
+      };
+
       # Generated by netvm.nix: maps VM name -> { interfaces, guestConfig }
       # Used to inject netvm-derived interfaces and guest config into VMs
       # without creating a self-referential cycle on nixosVms.

modules/scripts.nix

@@ -126,8 +126,6 @@ let
     let
       c = mkVmConfig vm;
 
-      userUid = config.users.users.${cfg.user}.uid;
-
       coreScheduling = if cfg.schedulerIsolation == "off" then "Off" else "Vm";
 
       effectiveChLogLevel =
@@ -270,7 +268,7 @@ let
         exit 1
       fi
       ln -sf "$CONSOLE_PTY" /run/vmsilo/${vm.name}/console
-      chown ${toString userUid} /run/vmsilo/${vm.name}/console
+      chown ${toString cfg._internal.userUid} /run/vmsilo/${vm.name}/console
 
       # Step 3: Boot VM
       ${chRemote} \
@@ -288,7 +286,7 @@ let
         kill $CH_PID 2>/dev/null || true
         exit 1
       fi
-      chown ${toString userUid} /run/vmsilo/${vm.name}/vsock.socket
+      chown ${toString cfg._internal.userUid} /run/vmsilo/${vm.name}/vsock.socket
 
       # Block until VMM exits (VM shutdown)
       wait $CH_PID

modules/services.nix

@@ -23,9 +23,9 @@ let
   vms = assignVmIds cfg.nixosVms;
 
   # User UID/GID/home for console relay, shared home, and tray proxy
-  userUid = config.users.users.${cfg.user}.uid;
-  userGid = config.users.groups.${config.users.users.${cfg.user}.group}.gid;
-  userHome = config.users.users.${cfg.user}.home;
+  userUid = cfg._internal.userUid;
+  userGid = cfg._internal.userGid;
+  userHome = cfg._internal.userHome;
 
   # Whether any VM uses sharedHome
   anySharedHome = lib.any (vm: vm.sharedHome != false) (lib.attrValues cfg.nixosVms);