From aff10fd01ff66c113fd993b5b428dc473263cfb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dav=C3=AD=C3=B0=20Steinn=20Geirsson?=
Date: Sun, 22 Mar 2026 14:27:17 +0000
Subject: [PATCH] refactor: centralize user UID/GID/home as _internal options
Co-Authored-By: Claude Opus 4.6 (1M context)
---
modules/assertions.nix | 4 ++--
modules/default.nix | 11 +++++++++++
modules/lib/vm-config.nix | 4 ++--
modules/options.nix | 18 ++++++++++++++++++
modules/scripts.nix | 6 ++----
modules/services.nix | 6 +++---
6 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/modules/assertions.nix b/modules/assertions.nix
index 24919ef..966c33b 100644
--- a/modules/assertions.nix
+++ b/modules/assertions.nix
@@ -21,8 +21,8 @@ let getEffectiveInterfaces = helpers.getEffectiveInterfaces cfg._internal.netvmInjections; # User UID/GID for shared directory assertions - userUid = config.users.users.${cfg.user}.uid; - userGid = config.users.groups.${config.users.users.${cfg.user}.group}.gid; + userUid = cfg._internal.userUid; + userGid = cfg._internal.userGid; # Normalize all isolated devices normalizedIsolatedDevices = map helpers.normalizeBdf cfg.isolatedPciDevices;
diff --git a/modules/default.nix b/modules/default.nix
index f82cd1b..a0d68df 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -6,6 +6,9 @@ ... }: +let + cfg = config.programs.vmsilo; +in { imports = [ ./options.nix
@@ -20,4 +23,12 @@ ./overlay.nix ./package.nix ]; + + config = lib.mkIf cfg.enable { + programs.vmsilo._internal = { + userUid = config.users.users.${cfg.user}.uid; + userGid = config.users.groups.${config.users.users.${cfg.user}.group}.gid; + userHome = config.users.users.${cfg.user}.home; + }; + }; }
diff --git a/modules/lib/vm-config.nix b/modules/lib/vm-config.nix
index f570ee2..3830efa 100644
--- a/modules/lib/vm-config.nix
+++ b/modules/lib/vm-config.nix
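Review bot: The new `userUid` and `userGid` definitions in modules/default.nix copy `config.users.users.${cfg.user}.uid` and the primary group's `gid`, which NixOS declares as `nullOr int`, into options typed `lib.types.int`, so an account or group without an explicit id now stops evaluation with a generic type error on an internal option. If no existing assertion already rejects a null id with a clear message (modules/assertions.nix is only partly visible here), consider typing both as `lib.types.nullOr lib.types.int` and asserting `cfg._internal.userUid != null` and `cfg._internal.userGid != null` with a message that names `programs.vmsilo.user`. Because the block sits under `lib.mkIf cfg.enable` and the options have no default, a one-line comment such as `# Only defined when programs.vmsilo.enable is true; readers must be guarded by the same condition.` would document that contract.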
@@ -28,8 +28,8 @@ let getEffectiveGuestConfig = vm: cfg._internal.netvmInjections.${vm.name}.guestConfig or [ ]; - userUid = config.users.users.${cfg.user}.uid; - userGid = config.users.groups.${config.users.users.${cfg.user}.group}.gid; + userUid = cfg._internal.userUid; + userGid = cfg._internal.userGid; # Build rootfs for a VM buildRootfs =
diff --git a/modules/options.nix b/modules/options.nix
index e82e1b7..e6aede1 100644
--- a/modules/options.nix
+++ b/modules/options.nix
@@ -1126,6 +1126,24 @@ in internal = true; }; + userUid = lib.mkOption { + type = lib.types.int; + description = "UID of the configured vmsilo user."; + internal = true; + }; + + userGid = lib.mkOption { + type = lib.types.int; + description = "GID of the configured vmsilo user's primary group."; + internal = true; + }; + + userHome = lib.mkOption { + type = lib.types.str; + description = "Home directory of the configured vmsilo user."; + internal = true; + }; + # Generated by netvm.nix: maps VM name -> { interfaces, guestConfig } # Used to inject netvm-derived interfaces and guest config into VMs # without creating a self-referential cycle on nixosVms.
diff --git a/modules/scripts.nix b/modules/scripts.nix
index 25e3865..9b4223a 100644
--- a/modules/scripts.nix
+++ b/modules/scripts.nix
@@ -126,8 +126,6 @@ let let c = mkVmConfig vm; - userUid = config.users.users.${cfg.user}.uid; - coreScheduling = if cfg.schedulerIsolation == "off" then "Off" else "Vm"; effectiveChLogLevel =
@@ -270,7 +268,7 @@ let exit 1 fi ln -sf "$CONSOLE_PTY" /run/vmsilo/${vm.name}/console - chown ${toString userUid} /run/vmsilo/${vm.name}/console + chown ${toString cfg._internal.userUid} /run/vmsilo/${vm.name}/console # Step 3: Boot VM ${chRemote} \
@@ -288,7 +286,7 @@ let kill $CH_PID 2>/dev/null || true exit 1 fi - chown ${toString userUid} /run/vmsilo/${vm.name}/vsock.socket + chown ${toString cfg._internal.userUid} /run/vmsilo/${vm.name}/vsock.socket # Block until VMM exits (VM shutdown) wait $CH_PID
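Review bot: The three options added in modules/options.nix carry only `internal = true`, which hides them from the generated documentation but still lets any other module define or `mkForce` them, so the ids used for ownership changes elsewhere in the module could drift away from `programs.vmsilo.user`. Adding `readOnly = true;` to `userUid`, `userGid` and `userHome` keeps the single definition in modules/default.nix authoritative and turns any second definition into an evaluation error. A comment above the group, for example `# Derived from users.users.${cfg.user} in default.nix; not meant to be set by other modules.`, would match the explanatory comment on the netvm option that follows.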
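Review bot: In the console step of modules/scripts.nix, the changed `chown` line still operates on `/run/vmsilo/${vm.name}/console`, the symlink created by the `ln -sf` just before it, and plain `chown` follows symlinks, so the ownership change lands on whatever that path resolves to at that moment. Passing the device directly, `chown ${toString cfg._internal.userUid} "$CONSOLE_PTY"`, has the same effect without resolving a path under /run/vmsilo a second time; this matters if that directory is writable by anything less privileged than the script, which the hunk does not show. The enclosing script starts and ends outside the hunk. As a style point, this file now inlines `cfg._internal.userUid`, while assertions.nix, vm-config.nix and services.nix keep a local `userUid` alias.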
diff --git a/modules/services.nix b/modules/services.nix
index cfedae7..0be38f7 100644
--- a/modules/services.nix
+++ b/modules/services.nix
@@ -23,9 +23,9 @@ let vms = assignVmIds cfg.nixosVms; # User UID/GID/home for console relay, shared home, and tray proxy - userUid = config.users.users.${cfg.user}.uid; - userGid = config.users.groups.${config.users.users.${cfg.user}.group}.gid; - userHome = config.users.users.${cfg.user}.home; + userUid = cfg._internal.userUid; + userGid = cfg._internal.userGid; + userHome = cfg._internal.userHome; # Whether any VM uses sharedHome anySharedHome = lib.any (vm: vm.sharedHome != false) (lib.attrValues cfg.nixosVms);