nixos/config/users.nix

{
  config,
  lib,
  fn,
  pkgs,
  ...
}:
with lib;
let
  withDocker = config.virtualisation.docker.enable;
  withPodman = config.virtualisation.podman.enable;
  administrators = user: {
    inherit (user) name;
    value =
      let
        cfg = config.services;
        passPath = config.sops.secrets."users/${user.name}/password".path;
      in
      {
        isNormalUser = true;
        inherit (user) name;
        uid = user.id;
        subUidRanges = optional withPodman {
          startUid = 100000;
          count = 65536;
        };
        subGidRanges = optional withPodman {
          startGid = 100000;
          count = 65536;
        };
        home = builtins.toPath "/home/${user.name}";
        createHome = true;
        description = "Administrative user ${user.name}.";
        group = user.name;
        extraGroups =
          [
            "audio"
            "wheel"
            "network"
          ]
          ++ (optionals (lib.elem "desktop" config.machine.services) [
            "input"
            "video"
          ])
          ++ (optionals cfg.printing.enable [
            "cups"
            "lp"
          ])
          ++ (optional config.programs.virt-manager.enable "libvirtd")
          ++ (optional config.virtualisation.virtualbox.host.enable "vboxusers")
          ++ (optional (withDocker && !withPodman) "docker")
          ++ (optional withPodman "podman");
        shell = "${pkgs.zsh}/bin/zsh";
        hashedPasswordFile = passPath;
      };
  };

  mkusergroup = user: {
    inherit (user) name;
    value = {
      inherit (user) name;
      gid = user.id;
      members = [ user.name ];
    };
  };
in
{
  sops.secrets = fn.sopsHelper (user: "users/${user.name}/password") config.machine.administrators {
    neededForUsers = true;
  };
  users = {
    mutableUsers = false;
    users = listToAttrs (map administrators config.machine.administrators);
    groups = listToAttrs (map mkusergroup config.machine.administrators);
  };
}
Format the entire project. 2023-09-11 20:23:04 +02:00			`{`
			`config,`
			`lib,`
			`fn,`
			`pkgs,`
			`...`
			`}:`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`with lib;`
			`let`
sub-uid/gid are only needed for podman; improve readability 2023-06-14 21:52:10 +02:00			`withDocker = config.virtualisation.docker.enable;`
			`withPodman = config.virtualisation.podman.enable;`
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`administrators = user: {`
Run linter+formatter. 2023-09-11 21:20:14 +02:00			`inherit (user) name;`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`value =`
			`let`
			`cfg = config.services;`
			`passPath = config.sops.secrets."users/${user.name}/password".path;`
			`in`
			`{`
			`isNormalUser = true;`
			`inherit (user) name;`
			`uid = user.id;`
			`subUidRanges = optional withPodman {`
			`startUid = 100000;`
			`count = 65536;`
			`};`
			`subGidRanges = optional withPodman {`
			`startGid = 100000;`
			`count = 65536;`
			`};`
			`home = builtins.toPath "/home/${user.name}";`
			`createHome = true;`
			`description = "Administrative user ${user.name}.";`
			`group = user.name;`
			`extraGroups =`
			`[`
			`"audio"`
			`"wheel"`
			`"network"`
			`]`
			`++ (optionals (lib.elem "desktop" config.machine.services) [`
			`"input"`
			`"video"`
			`])`
			`++ (optionals cfg.printing.enable [`
			`"cups"`
			`"lp"`
			`])`
virt-manager: init 2024-12-07 22:53:20 +01:00			`++ (optional config.programs.virt-manager.enable "libvirtd")`
virt: add virtualbox 2024-12-14 22:00:03 +01:00			`++ (optional config.virtualisation.virtualbox.host.enable "vboxusers")`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`++ (optional (withDocker && !withPodman) "docker")`
			`++ (optional withPodman "podman");`
			`shell = "${pkgs.zsh}/bin/zsh";`
			`hashedPasswordFile = passPath;`
Format the entire project. 2023-09-11 20:23:04 +02:00			`};`
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`};`
Added domain option. Maybe fixed binary cache signing. 2019-03-23 02:50:48 +01:00
Format the entire project. 2023-09-11 20:23:04 +02:00			`mkusergroup = user: {`
Run linter+formatter. 2023-09-11 21:20:14 +02:00			`inherit (user) name;`
Format the entire project. 2023-09-11 20:23:04 +02:00			`value = {`
Run linter+formatter. 2023-09-11 21:20:14 +02:00			`inherit (user) name;`
Format the entire project. 2023-09-11 20:23:04 +02:00			`gid = user.id;`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`members = [ user.name ];`
Format the entire project. 2023-09-11 20:23:04 +02:00			`};`
			`};`
Format project using nixfmt rfc candidate. 2024-11-20 20:32:38 +01:00			`in`
			`{`
			`sops.secrets = fn.sopsHelper (user: "users/${user.name}/password") config.machine.administrators {`
			`neededForUsers = true;`
			`};`
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`users = {`
			`mutableUsers = false;`
			`users = listToAttrs (map administrators config.machine.administrators);`
			`groups = listToAttrs (map mkusergroup config.machine.administrators);`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`};`
			`}`