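# NixOS module: creates one administrative account, plus a matching primary
# group, for every entry of `config.machine.administrators`, with the login
# password hash supplied by sops.
#
# Shape of an administrator entry as used below (inferred -- confirm against
# the `machine.administrators` option definition):
#   { name = "<login>"; id = <integer, used as both uid and gid>; }
{
  config,
  lib,
  fn,
  pkgs,
  ...
}:
with lib; let
  withDocker = config.virtualisation.docker.enable;
  withPodman = config.virtualisation.podman.enable;

  # Builds the `users.users` entry for one administrator (name/value pair for
  # `listToAttrs`).
  administrators = user: {
    inherit (user) name;
    value = let
      cfg = config.services;
      # Path of the decrypted password hash.  The secret is declared with
      # `neededForUsers = true` below so it is available when the account is
      # created, which is required because `mutableUsers = false`.
      passPath = config.sops.secrets."users/${user.name}/password".path;
    in {
      isNormalUser = true;
      inherit (user) name;
      uid = user.id;

      # Rootless podman needs a subordinate uid/gid range.  Let NixOS allocate
      # a distinct range per user rather than pinning `startUid = 100000` for
      # everybody: with more than one administrator the fixed range was shared
      # by all of them, so containers of different users mapped onto the same
      # host ids and were not isolated from each other.
      autoSubUidGidRange = withPodman;

      # Plain string; `builtins.toPath` returned the same value and is deprecated.
      home = "/home/${user.name}";
      createHome = true;
      description = "Administrative user ${user.name}.";
      group = user.name;
      extraGroups =
        ["audio" "wheel" "network"]
        ++ (optionals (lib.elem "desktop" config.machine.services) ["input" "video"])
        ++ (optionals cfg.printing.enable ["cups" "lp"])
        # Membership of `docker` is root-equivalent (access to the daemon
        # socket); it is only granted when podman is not available as the
        # rootless alternative.
        ++ (optional (withDocker && !withPodman) "docker")
        ++ (optional withPodman "podman");
      shell = "${pkgs.zsh}/bin/zsh";
      hashedPasswordFile = passPath;
    };
  };

  # Builds the matching `users.groups` entry: a per-user primary group whose
  # gid equals the user's uid, with the user as its only member.
  mkusergroup = user: {
    inherit (user) name;
    value = {
      inherit (user) name;
      gid = user.id;
      members = [user.name];
    };
  };
in {
  # One secret per administrator.  `neededForUsers` makes the hash available
  # early enough for account creation.
  sops.secrets =
    fn.sopsHelper
    (user: "users/${user.name}/password")
    config.machine.administrators
    {neededForUsers = true;};

  users = {
    # Accounts and passwords are fully declarative; imperative changes do not
    # persist.
    mutableUsers = false;
    users = listToAttrs (map administrators config.machine.administrators);
    groups = listToAttrs (map mkusergroup config.machine.administrators);
  };
}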