nixos/config/users.nix

56 lines
1.7 KiB
Nix
Raw Normal View History

2023-08-28 22:05:42 +02:00
{ config, lib, fn, pkgs, ... }:
2019-02-26 13:44:40 +01:00
with lib;
2019-04-13 00:05:39 +02:00
let
withDocker = config.virtualisation.docker.enable;
withPodman = config.virtualisation.podman.enable;
2019-04-13 00:05:39 +02:00
administrators = user: {
name = user.name;
value = let
cfg = config.services;
passPath = config.sops.secrets."users/${user.name}/password".path;
in {
2019-02-26 13:44:40 +01:00
isNormalUser = true;
2019-04-13 00:05:39 +02:00
name = user.name;
uid = user.id;
subUidRanges = (optional withPodman { startUid = 100000; count = 65536; });
subGidRanges = (optional withPodman { startGid = 100000; count = 65536; });
2019-04-13 00:05:39 +02:00
home = builtins.toPath "/home/${user.name}";
2019-02-26 13:44:40 +01:00
createHome = true;
2019-04-13 00:05:39 +02:00
description = "Administrative user ${user.name}.";
group = user.name;
extraGroups = [ "audio" "wheel" "network" ]
++ (optionals cfg.xserver.enable ["input" "video"])
++ (optionals cfg.printing.enable [ "cups" "lp" ])
++ (optional (withDocker && !withPodman) "docker")
++ (optional withPodman "podman");
2019-04-13 00:05:39 +02:00
shell = "${pkgs.zsh}/bin/zsh";
passwordFile = passPath;
# TODO: Fix for sops
# openssh.authorizedKeys.keyFiles = optional
# (cfg.openssh.enable && (builtins.pathExists "${passPath}.pub"))
# "${passPath}.pub";
2019-02-26 13:44:40 +01:00
};
2019-04-13 00:05:39 +02:00
};
2019-04-13 00:05:39 +02:00
mkusergroup = user: {
name = user.name;
value = {
name = user.name;
gid = user.id;
members = [ user.name ];
};
};
in {
2023-08-28 22:05:42 +02:00
sops.secrets = (fn.sopsHelper
(user: "users/${user.name}/password")
config.machine.administrators
{ neededForUsers = true; });
2019-04-13 00:05:39 +02:00
users = {
mutableUsers = false;
users = listToAttrs (map administrators config.machine.administrators);
groups = listToAttrs (map mkusergroup config.machine.administrators);
2019-02-26 13:44:40 +01:00
};
}