From 206c2e42af7fd95ccabc696cfa29206a79ad9431 Mon Sep 17 00:00:00 2001
From: derped <derped@ophanim.de>
Date: Fri, 11 Oct 2019 20:43:52 +0200
Subject: [PATCH] Public ssh keyfile is now optional even when openssh is
 enabled.

---
 config/users.nix | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/config/users.nix b/config/users.nix
index 6399ec5..dd3ae24 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -5,7 +5,10 @@ with lib;
 let
   administrators = user: {
     name = user.name;
-    value = {
+    value = let
+      cfg = config.services;
+      passPath = "${config.machine.secretPath}/${user.name}";
+    in {
       isNormalUser = true;
       name = user.name;
       uid  = user.id;
@@ -14,12 +17,14 @@ let
       description = "Administrative user ${user.name}.";
       group = user.name;
       extraGroups = [ "audio" "wheel" "network" ]
-        ++ (optional config.services.xserver.enable "input")
-        ++ (optionals config.services.printing.enable [ "cups" "lp" ])
+        ++ (optionals cfg.xserver.enable ["input" "video"])
+        ++ (optionals cfg.printing.enable [ "cups" "lp" ])
         ++ (optional config.virtualisation.docker.enable "docker");
       shell = "${pkgs.zsh}/bin/zsh";
-      passwordFile = "${config.machine.secretPath}/${user.name}";
-      openssh.authorizedKeys.keyFiles = optional config.services.openssh.enable "${config.machine.secretPath}/${user.name}.pub";
+      passwordFile = passPath;
+      openssh.authorizedKeys.keyFiles = optional
+        (cfg.openssh.enable && (builtins.pathExists "${passPath}.pub"))
+        "${passPath}.pub";
     };
   };