diff options
Diffstat (limited to 'modules/by-name/us/users')
-rw-r--r-- | modules/by-name/us/users/module.nix | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/modules/by-name/us/users/module.nix b/modules/by-name/us/users/module.nix new file mode 100644 index 00000000..a44df7e8 --- /dev/null +++ b/modules/by-name/us/users/module.nix @@ -0,0 +1,50 @@ +{ + config, + pkgs, + lib, + ... +}: let + cfg = config.soispha.users; +in { + options.soispha.users = { + enable = lib.mkEnableOption "user set-up for soispha"; + hashedPassword = lib.mkOption { + type = lib.types.str; + example = lib.literalExpression "$y$jFT$ONrCqZIJKB7engmfA4orD/$0GO58/wV5wrYWj0cyONhyujZPjFmbT0XKtx2AvXLG0B"; + description = "The hashed password of the user"; + }; + groups = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = ["wheel"]; + description = "The groups the soispha user should be part of"; + }; + + # Although deprecated, this helps with old udev rules, that still use this group. + # TODO: Try to find a way to remove this option (i.e. set it always to false). + enableDeprecatedPlugdev = lib.mkEnableOption "the deprecated plugdev group for the user"; + }; + + config = lib.mkIf cfg.enable { + # Ensure that the default shell of the user is actually enabled. + programs.zsh.enable = true; + + users = { + mutableUsers = false; + + users.soispha = { + isNormalUser = true; + home = "/home/soispha"; + createHome = true; + shell = pkgs.zsh; + initialHashedPassword = cfg.hashedPassword; + extraGroups = cfg.groups ++ lib.optional cfg.enableDeprecatedPlugdev "plugdev"; + + uid = 1000; + openssh.authorizedKeys.keys = [ + # TODO: This should be parameterized. <2024-05-16> + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz" + ]; + }; + }; + }; +} |