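# NixOS module: declarative administrator accounts.
#
# Every element of `config.machine.administrators` (each is expected to carry
# `name` and `id`) becomes a normal user with a primary group of the same name,
# a sops-managed password hash, and membership in `wheel`.  Users are immutable
# (`mutableUsers = false`), so the account set is exactly what this module
# declares.
{
  config,
  lib,
  fn,
  pkgs,
  ...
}: let
  # Explicit inherits instead of a top-level `with lib;`, so the lib functions
  # this module depends on are visible and nothing from lib can shadow a local
  # name by accident.
  inherit (lib) optional optionals listToAttrs;

  withDocker = config.virtualisation.docker.enable;
  withPodman = config.virtualisation.podman.enable;

  # Subordinate UID/GID range handed to each user for rootless Podman.
  # NOTE(review): every administrator receives the *same* range, so with more
  # than one administrator the ranges overlap and their rootless containers map
  # onto identical host UIDs/GIDs — there is no UID-namespace separation
  # between them.  If several administrators use Podman, give each a disjoint
  # range (e.g. an offset derived from `user.id`).
  subordinateStart = 100000;
  subordinateCount = 65536;

  # Builds the `{ name; value; }` pair consumed by `listToAttrs` for one
  # administrator.  `user` is an element of `config.machine.administrators`.
  administrators = user: {
    inherit (user) name;
    value = let
      cfg = config.services;
      # Password hash is a sops secret; it is declared with
      # `neededForUsers = true` below so it is available at user creation.
      passPath = config.sops.secrets."users/${user.name}/password".path;
    in {
      isNormalUser = true;
      inherit (user) name;
      uid = user.id;
      subUidRanges = optional withPodman {
        startUid = subordinateStart;
        count = subordinateCount;
      };
      subGidRanges = optional withPodman {
        startGid = subordinateStart;
        count = subordinateCount;
      };
      # Plain string: `builtins.toPath` is deprecated, and the `home` option
      # accepts a path string directly.
      home = "/home/${user.name}";
      createHome = true;
      description = "Administrative user ${user.name}.";
      # Primary group is the per-user group produced by `mkusergroup`.
      group = user.name;
      extraGroups =
        # `wheel` grants sudo to every administrator by design.
        # NOTE(review): `network` is not a group NixOS defines by default —
        # confirm it is declared elsewhere on this host.
        ["audio" "wheel" "network"]
        ++ (optionals cfg.xserver.enable ["input" "video"])
        ++ (optionals cfg.printing.enable ["cups" "lp"])
        # Membership in `docker` is effectively root-equivalent (access to the
        # daemon socket), so it is granted only when Docker is the active
        # runtime and Podman is not.
        ++ (optional (withDocker && !withPodman) "docker")
        ++ (optional withPodman "podman");
      shell = "${pkgs.zsh}/bin/zsh";
      # The hash is read from a file at activation time rather than embedded in
      # the world-readable Nix store.
      hashedPasswordFile = passPath;
    };
  };

  # Builds the `{ name; value; }` pair for the per-user primary group; the gid
  # mirrors the user's uid.
  mkusergroup = user: {
    inherit (user) name;
    value = {
      inherit (user) name;
      gid = user.id;
      members = [user.name];
    };
  };
in {
  # One password secret per administrator, decrypted early enough for user
  # creation (`neededForUsers`).
  sops.secrets =
    fn.sopsHelper
    (user: "users/${user.name}/password")
    config.machine.administrators
    {neededForUsers = true;};

  users = {
    # Only the accounts and groups declared here exist on the system.
    mutableUsers = false;
    users = listToAttrs (map administrators config.machine.administrators);
    groups = listToAttrs (map mkusergroup config.machine.administrators);
  };
}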