2023-08-28 22:05:42 +02:00
|
|
|
{ config, lib, fn, pkgs, ... }:
|
2019-02-26 13:44:40 +01:00
|
|
|
|
2019-03-23 02:50:48 +01:00
|
|
|
with lib;
|
|
|
|
|
2019-04-13 00:05:39 +02:00
|
|
|
let
|
2023-06-14 21:52:10 +02:00
|
|
|
withDocker = config.virtualisation.docker.enable;
|
|
|
|
withPodman = config.virtualisation.podman.enable;
|
2019-04-13 00:05:39 +02:00
|
|
|
administrators = user: {
|
|
|
|
name = user.name;
|
2019-10-11 20:43:52 +02:00
|
|
|
value = let
|
|
|
|
cfg = config.services;
|
2023-04-15 16:27:27 +02:00
|
|
|
passPath = config.sops.secrets."users/${user.name}/password".path;
|
2019-10-11 20:43:52 +02:00
|
|
|
in {
|
2019-02-26 13:44:40 +01:00
|
|
|
isNormalUser = true;
|
2019-04-13 00:05:39 +02:00
|
|
|
name = user.name;
|
|
|
|
uid = user.id;
|
2023-06-14 21:52:10 +02:00
|
|
|
subUidRanges = (optional withPodman { startUid = 100000; count = 65536; });
|
|
|
|
subGidRanges = (optional withPodman { startGid = 100000; count = 65536; });
|
2019-04-13 00:05:39 +02:00
|
|
|
home = builtins.toPath "/home/${user.name}";
|
2019-02-26 13:44:40 +01:00
|
|
|
createHome = true;
|
2019-04-13 00:05:39 +02:00
|
|
|
description = "Administrative user ${user.name}.";
|
|
|
|
group = user.name;
|
2019-03-23 02:50:48 +01:00
|
|
|
extraGroups = [ "audio" "wheel" "network" ]
|
2019-10-11 20:43:52 +02:00
|
|
|
++ (optionals cfg.xserver.enable ["input" "video"])
|
|
|
|
++ (optionals cfg.printing.enable [ "cups" "lp" ])
|
2023-06-14 21:52:10 +02:00
|
|
|
++ (optional (withDocker && !withPodman) "docker")
|
|
|
|
++ (optional withPodman "podman");
|
2019-04-13 00:05:39 +02:00
|
|
|
shell = "${pkgs.zsh}/bin/zsh";
|
2019-10-11 20:43:52 +02:00
|
|
|
passwordFile = passPath;
|
2023-04-15 16:27:27 +02:00
|
|
|
# TODO: Fix for sops
|
|
|
|
# openssh.authorizedKeys.keyFiles = optional
|
|
|
|
# (cfg.openssh.enable && (builtins.pathExists "${passPath}.pub"))
|
|
|
|
# "${passPath}.pub";
|
2019-02-26 13:44:40 +01:00
|
|
|
};
|
2019-04-13 00:05:39 +02:00
|
|
|
};
|
2019-03-23 02:50:48 +01:00
|
|
|
|
2019-04-13 00:05:39 +02:00
|
|
|
mkusergroup = user: {
|
|
|
|
name = user.name;
|
|
|
|
value = {
|
|
|
|
name = user.name;
|
|
|
|
gid = user.id;
|
|
|
|
members = [ user.name ];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
in {
|
2023-08-28 22:05:42 +02:00
|
|
|
sops.secrets = (fn.sopsHelper
|
|
|
|
(user: "users/${user.name}/password")
|
|
|
|
config.machine.administrators
|
|
|
|
{ neededForUsers = true; });
|
2019-04-13 00:05:39 +02:00
|
|
|
users = {
|
|
|
|
mutableUsers = false;
|
|
|
|
users = listToAttrs (map administrators config.machine.administrators);
|
|
|
|
groups = listToAttrs (map mkusergroup config.machine.administrators);
|
2019-02-26 13:44:40 +01:00
|
|
|
};
|
|
|
|
}
|