nixos/config/users.nix

{ config, lib, pkgs, ... }:

with lib;

let
  administrators = user: {
    name = user.name;
    value = {
      isNormalUser = true;
      name = user.name;
      uid  = user.id;
      home = builtins.toPath "/home/${user.name}";
      createHome = true;
      description = "Administrative user ${user.name}.";
      group = user.name;
      extraGroups = [ "audio" "wheel" "network" ]
        ++ (if config.services.xserver.enable then [ "input" ] else [])
        ++ (if config.services.printing.enable then [ "cups" "lp" ] else [])
        ++ (if config.virtualisation.docker.enable then [ "docker"] else []);
      shell = "${pkgs.zsh}/bin/zsh";
      passwordFile = "/secret/${user.name}";
      openssh.authorizedKeys.keyFiles = if config.services.openssh.enable then [ "/secret/${user.name}.pub" ] else [];
    };
  };

   mkusergroup = user: {
     name = user.name;
     value = {
       name = user.name;
       gid = user.id;
       members = [ user.name ];
     };
   };

in {
  users = {
    mutableUsers = false;
    users = listToAttrs (map administrators config.machine.administrators);
    groups = listToAttrs (map mkusergroup config.machine.administrators);
  };
}
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`{ config, lib, pkgs, ... }:`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00
Added domain option. Maybe fixed binary cache signing. 2019-03-23 02:50:48 +01:00			`with lib;`

Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`let`
			`administrators = user: {`
			`name = user.name;`
			`value = {`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`isNormalUser = true;`
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`name = user.name;`
			`uid = user.id;`
			`home = builtins.toPath "/home/${user.name}";`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`createHome = true;`
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`description = "Administrative user ${user.name}.";`
			`group = user.name;`
Added domain option. Maybe fixed binary cache signing. 2019-03-23 02:50:48 +01:00			`extraGroups = [ "audio" "wheel" "network" ]`
			`++ (if config.services.xserver.enable then [ "input" ] else [])`
			`++ (if config.services.printing.enable then [ "cups" "lp" ] else [])`
			`++ (if config.virtualisation.docker.enable then [ "docker"] else []);`
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`shell = "${pkgs.zsh}/bin/zsh";`
			`passwordFile = "/secret/${user.name}";`
			`openssh.authorizedKeys.keyFiles = if config.services.openssh.enable then [ "/secret/${user.name}.pub" ] else [];`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`};`
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`};`
Added domain option. Maybe fixed binary cache signing. 2019-03-23 02:50:48 +01:00
Dehardcoded user configuration. 2019-04-13 00:05:39 +02:00			`mkusergroup = user: {`
			`name = user.name;`
			`value = {`
			`name = user.name;`
			`gid = user.id;`
			`members = [ user.name ];`
			`};`
			`};`

			`in {`
			`users = {`
			`mutableUsers = false;`
			`users = listToAttrs (map administrators config.machine.administrators);`
			`groups = listToAttrs (map mkusergroup config.machine.administrators);`
Fresh repo without sensitive data. 2019-02-26 13:44:40 +01:00			`};`
			`}`