nix-config/modules/system/users/default.nix

# User setup
{ config, lib, pkgs, ... }:
let
  secrets = config.age.secrets;
  cfg = config.my.system.users;
  groupExists = grp: builtins.hasAttr grp config.users.groups;
  groupsIfExist = builtins.filter groupExists;
in
{
  options.my.system.users = with lib; {
    enable = my.mkDisableOption "user configuration";
  };

  config = lib.mkIf cfg.enable {
    users = {
      mutableUsers = false; # I want it to be declarative.

      users = {
        root = {
          passwordFile = secrets."users/root/hashed-password".path;
        };

        ${config.my.user.name} = {
          passwordFile = secrets."users/ambroisie/hashed-password".path;
          description = "Bruno BELANYI";
          isNormalUser = true;
          shell = pkgs.zsh;
          extraGroups = groupsIfExist [
            "audio" # sound control
            "docker" # usage of `docker` socket
            "media" # access to media files
            "networkmanager" # wireless configuration
            "plugdev" # usage of ZSA keyboard tools
            "podman" # usage of `podman` socket
            "video" # screen control
            "wheel" # `sudo` for the user.
          ];
          openssh.authorizedKeys.keys = with builtins;
            let
              keyDir = ./ssh;
              contents = readDir keyDir;
              names = attrNames contents;
              files = filter (name: contents.${name} == "regular") names;
              keys = map (basename: readFile (keyDir + "/${basename}")) files;
            in
            keys;
        };
      };
    };
  };
}
porthos: split into modules I have separated the modules into host-specific settings, and generic settings that ought to be shared by every host. I only have the 'porthos' host for now, but intend to also add my laptop 'aramis' at some point to this repository. 2021-02-06 15:35:38 +01:00			`# User setup`
modules: users: add to groups in single place 2021-03-07 18:47:33 +01:00			`{ config, lib, pkgs, ... }:`
porthos: split into modules I have separated the modules into host-specific settings, and generic settings that ought to be shared by every host. I only have the 'porthos' host for now, but intend to also add my laptop 'aramis' at some point to this repository. 2021-02-06 15:35:38 +01:00			`let`
modules: system: users: use agenix secrets 2021-09-25 12:46:58 +02:00			`secrets = config.age.secrets;`
modules: system: users: make it configurable Notably, make use of my global 'username' option. 2021-05-29 21:14:28 +02:00			`cfg = config.my.system.users;`
modules: users: simplify 'groupsIfExist' 2021-05-09 12:14:50 +02:00			`groupExists = grp: builtins.hasAttr grp config.users.groups;`
			`groupsIfExist = builtins.filter groupExists;`
porthos: split into modules I have separated the modules into host-specific settings, and generic settings that ought to be shared by every host. I only have the 'porthos' host for now, but intend to also add my laptop 'aramis' at some point to this repository. 2021-02-06 15:35:38 +01:00			`in`
			`{`
modules: system: users: make it configurable Notably, make use of my global 'username' option. 2021-05-29 21:14:28 +02:00			`options.my.system.users = with lib; {`
			`enable = my.mkDisableOption "user configuration";`
			`};`

			`config = lib.mkIf cfg.enable {`
			`users = {`
			`mutableUsers = false; # I want it to be declarative.`

			`users = {`
			`root = {`
modules: system: users: use agenix secrets 2021-09-25 12:46:58 +02:00			`passwordFile = secrets."users/root/hashed-password".path;`
modules: system: users: make it configurable Notably, make use of my global 'username' option. 2021-05-29 21:14:28 +02:00			`};`
porthos: split into modules I have separated the modules into host-specific settings, and generic settings that ought to be shared by every host. I only have the 'porthos' host for now, but intend to also add my laptop 'aramis' at some point to this repository. 2021-02-06 15:35:38 +01:00
modules: change username configuration option It makes more sense to have a `my.user` option. 2021-06-25 20:40:34 +02:00			`${config.my.user.name} = {`
modules: system: users: use agenix secrets 2021-09-25 12:46:58 +02:00			`passwordFile = secrets."users/ambroisie/hashed-password".path;`
modules: system: users: make it configurable Notably, make use of my global 'username' option. 2021-05-29 21:14:28 +02:00			`description = "Bruno BELANYI";`
			`isNormalUser = true;`
			`shell = pkgs.zsh;`
			`extraGroups = groupsIfExist [`
			`"audio" # sound control`
modules: system: users: add 'docker' group 2023-06-08 13:53:17 +02:00			"docker" # usage of `docker` socket
modules: system: users: make it configurable Notably, make use of my global 'username' option. 2021-05-29 21:14:28 +02:00			`"media" # access to media files`
			`"networkmanager" # wireless configuration`
			`"plugdev" # usage of ZSA keyboard tools`
modules: system: add podman 2022-01-12 18:22:43 +01:00			"podman" # usage of `podman` socket
modules: system: users: make it configurable Notably, make use of my global 'username' option. 2021-05-29 21:14:28 +02:00			`"video" # screen control`
			"wheel" # `sudo` for the user.
			`];`
			`openssh.authorizedKeys.keys = with builtins;`
			`let`
			`keyDir = ./ssh;`
			`contents = readDir keyDir;`
			`names = attrNames contents;`
			`files = filter (name: contents.${name} == "regular") names;`
			`keys = map (basename: readFile (keyDir + "/${basename}")) files;`
			`in`
			`keys;`
			`};`
			`};`
			`};`
porthos: split into modules I have separated the modules into host-specific settings, and generic settings that ought to be shared by every host. I only have the 'porthos' host for now, but intend to also add my laptop 'aramis' at some point to this repository. 2021-02-06 15:35:38 +01:00			`};`
			`}`