64 lines
1.3 KiB
Nix
64 lines
1.3 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
username,
|
|
userdesc,
|
|
sopsRoot,
|
|
...
|
|
}:
|
|
lib.my.makeSwitch {
|
|
inherit config;
|
|
default = true;
|
|
optionName = "default user settings";
|
|
optionPath = [ "user" ];
|
|
config' = {
|
|
programs.zsh.enable = true;
|
|
|
|
sops.secrets.imxyy-nix-hashed-password = {
|
|
sopsFile = sopsRoot + /imxyy-nix-hashed-password.txt;
|
|
format = "binary";
|
|
neededForUsers = true;
|
|
};
|
|
users = {
|
|
mutableUsers = false;
|
|
users.${username} = {
|
|
isNormalUser = true;
|
|
description = userdesc;
|
|
shell = pkgs.zsh;
|
|
extraGroups = [
|
|
"wheel"
|
|
username
|
|
];
|
|
hashedPasswordFile = lib.mkDefault config.sops.secrets.imxyy-nix-hashed-password.path;
|
|
};
|
|
groups.${username} = { };
|
|
};
|
|
users.users.root.hashedPasswordFile = lib.mkDefault config.sops.secrets.imxyy-nix-hashed-password.path;
|
|
|
|
security.sudo.extraRules = [
|
|
{
|
|
users = [ username ];
|
|
commands = [
|
|
{
|
|
command = "ALL";
|
|
options = [ "NOPASSWD" ];
|
|
}
|
|
];
|
|
}
|
|
];
|
|
|
|
nix.settings.trusted-users = [
|
|
"root"
|
|
username
|
|
];
|
|
|
|
my.home = {
|
|
home = {
|
|
inherit username;
|
|
homeDirectory = "/home/${username}";
|
|
};
|
|
};
|
|
};
|
|
}
|