blob: a44df7e81f443e851d168283bd426aee3fd97f95 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
{
config,
pkgs,
lib,
...
}: let
cfg = config.soispha.users;
in {
options.soispha.users = {
enable = lib.mkEnableOption "user set-up for soispha";
hashedPassword = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression "$y$jFT$ONrCqZIJKB7engmfA4orD/$0GO58/wV5wrYWj0cyONhyujZPjFmbT0XKtx2AvXLG0B";
description = "The hashed password of the user";
};
groups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = ["wheel"];
description = "The groups the soispha user should be part of";
};
# Although deprecated, this helps with old udev rules, that still use this group.
# TODO: Try to find a way to remove this option (i.e. set it always to false).
enableDeprecatedPlugdev = lib.mkEnableOption "the deprecated plugdev group for the user";
};
config = lib.mkIf cfg.enable {
# Ensure that the default shell of the user is actually enabled.
programs.zsh.enable = true;
users = {
mutableUsers = false;
users.soispha = {
isNormalUser = true;
home = "/home/soispha";
createHome = true;
shell = pkgs.zsh;
initialHashedPassword = cfg.hashedPassword;
extraGroups = cfg.groups ++ lib.optional cfg.enableDeprecatedPlugdev "plugdev";
uid = 1000;
openssh.authorizedKeys.keys = [
# TODO: This should be parameterized. <2024-05-16>
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz"
];
};
};
};
}
|
