nix-config/modules/system/users.nix
Bruno BELANYI 2f9d3417d4 modules: system: users: use 'ambroisie' password
Do not rely on `my.user.name` which could be changed to a value not
available in the secrets.
2021-09-23 21:28:29 +02:00


# User setup: declares the root account and the primary interactive user.
#
# Security-relevant summary:
#   * accounts are fully declarative (`mutableUsers = false`);
#   * password hashes come from `config.my.secrets`;
#   * the primary user is added to "wheel" when that group is declared;
#   * every regular file under ./ssh becomes an authorized SSH key for that user.
{ config, lib, pkgs, ... }:
let
  inherit (config.my) secrets;
  cfg = config.my.system.users;

  # Keep only the groups declared in `config.users.groups`. Undeclared names
  # are dropped silently, so a typo in a group name does not fail evaluation.
  groupsIfExist = builtins.filter
    (group: builtins.hasAttr group config.users.groups);

  # Authorized keys are collected at evaluation time from ./ssh.
  # Only directory entries of type "regular" are read; sub-directories and
  # symlinks are skipped. There is no filter on the file name, so *any*
  # regular file added to ./ssh is read verbatim and grants login to the
  # user declared below. Changes to that directory deserve the same review
  # as changes to this module.
  sshKeyDir = ./ssh;
  sshKeyEntries = builtins.readDir sshKeyDir;
  isRegularFile = name: sshKeyEntries.${name} == "regular";
  sshKeyFiles = builtins.filter isRegularFile (builtins.attrNames sshKeyEntries);
  authorizedKeys =
    map (basename: builtins.readFile (sshKeyDir + "/${basename}")) sshKeyFiles;
in
{
  options.my.system.users.enable = lib.my.mkDisableOption "user configuration";

  config = lib.mkIf cfg.enable {
    users = {
      # Declarative accounts only: users and passwords are defined by this
      # configuration rather than by imperative changes on the machine.
      mutableUsers = false;

      users = {
        # NOTE(review): `hashedPassword` values are embedded in the system
        # configuration, which lives in the world-readable Nix store.
        # `hashedPasswordFile` (`passwordFile` on older NixOS releases),
        # pointing at a secret decrypted at activation, keeps the hash out of
        # the store. How `config.my.secrets` is populated is not visible
        # from this file -- confirm before relying on either behaviour.
        root = {
          hashedPassword = secrets.users.root.hashedPassword;
        };

        # The account name follows `my.user.name`, but the password hash is
        # always taken from the fixed `ambroisie` secrets entry, so renaming
        # the user does not require a matching entry in the secrets.
        ${config.my.user.name} = {
          hashedPassword = secrets.users.ambroisie.hashedPassword;
          description = "Bruno BELANYI";
          isNormalUser = true;
          shell = pkgs.zsh;

          extraGroups = groupsIfExist [
            "audio" # sound control
            "media" # access to media files
            "networkmanager" # wireless configuration
            "plugdev" # usage of ZSA keyboard tools
            "video" # screen control
            "wheel" # `sudo` for the user: administrative access
          ];

          # Holders of any of these keys can log in as a "wheel" member.
          openssh.authorizedKeys.keys = authorizedKeys;
        };
      };
    };
  };
}