# NixOS-only user settings: declares the host's primary user (named in
# hostSpec) and the root account, and enables git system-wide.
{
  inputs,
  config,
  lib,
  pkgs,
  ...
}: let
  inherit (config) hostSpec;

  # The primary user's final configuration; root's credentials are copied from it below.
  primaryUser = config.users.users.${hostSpec.username};

  # Keep only the group names that are declared in config.users.groups, so an
  # optional group is added to extraGroups only on hosts that define it.
  ifTheyExist = groups: builtins.filter (group: config.users.groups ? ${group}) groups;

  # Path of the sops secret "passwords/<username>" holding the password hash.
  # On a minimal host this evaluates to "" instead of a path.
  # NOTE(review): the secret only lands in /run/secrets-for-users/ (available
  # before users are created) if it is declared with neededForUsers; that
  # declaration is not in this file, so confirm it.
  # NOTE(review): on a minimal, non-virtual host hashedPasswordFile ends up as
  # the empty string; confirm the minimal configuration sets a credential elsewhere.
  sopsHashedPasswordFile =
    lib.optionalString (!hostSpec.isMinimal)
    config.sops.secrets."passwords/${hostSpec.username}".path;

  # Password hash ("$y$" marks yescrypt) used on virtual hosts.
  # SECURITY: pkgs.writeText puts this file in the Nix store, which every local
  # user can read, and the hash is also in version control. A hash that can be
  # read can be guessed offline, so treat the password behind it as public: keep
  # it to disposable VMs and never reuse it for another account or host.
  virtPass = pkgs.writeText "password" "$y$j9T$ZbQbNHUSFsePoP0X.TdwR/$.EKJWDSY7ZO/nqf4FxgUYA3a47CYAKLzaV7ZAy745R/";
in {
  # Credentials are declarative only; needed so the password can be set from
  # sops during system activation.
  users.mutableUsers = false;

  users.users = {
    # Default user for the host, as set in hostSpec.
    ${hostSpec.username} = {
      home = "/home/${hostSpec.username}";
      isNormalUser = true;
      # Virtual hosts read the store-resident hash above; all others read the sops secret.
      hashedPasswordFile =
        if hostSpec.isVirtual
        then "${virtPass}"
        else sopsHashedPasswordFile;
      linger = true;

      # SECURITY: "wheel" is the administrative group, and membership of
      # "docker" is root-equivalent on a host that runs the Docker daemon, so
      # this account must be protected like root.
      extraGroups =
        ["wheel"]
        ++ ifTheyExist [
          "audio"
          "video"
          "docker"
          "podman"
          "dialout"
          "git"
          "networkmanager"
          "scanner" # for print/scan
          "lp" # for print/scan
          "vboxusers"
        ];
    };

    # Root user setup.
    root = {
      shell = pkgs.zsh;
      # SECURITY: root reuses the primary user's password hash, so one
      # disclosed password unlocks both accounts.
      inherit (primaryUser) hashedPasswordFile;
      # Root's ssh keys are mainly used for remote deployment.
      # NOTE(review): every key authorised for the user is also authorised for
      # root. Whether sshd accepts root logins at all is decided by the openssh
      # settings (PermitRootLogin), which are not in this file; confirm they
      # limit root to key-based login.
      openssh.authorizedKeys.keys = primaryUser.openssh.authorizedKeys.keys;
    };
  };

  # Whatever the environment, root and the user(s) get git.
  programs.git.enable = true;
}