blob: 80b3fca7326c537c93e9b3a621c09dd4de6be734 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
# vim: ts=2
{
config,
pkgs,
lib,
...
}: let
cfg = config.soispha.users;
in {
options.soispha.users = {
# enable = lib.mkEnableOption (lib.mdDoc "users");
hashedPassword = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression "$y$jFT$ONrCqZIJKB7engmfA4orD/$0GO58/wV5wrYWj0cyONhyujZPjFmbT0XKtx2AvXLG0B";
default = "$y$jFT$ONrCqZIJKB7engmfA4orD/$0GO58/wV5wrYWj0cyONhyujZPjFmbT0XKtx2AvXLG0B";
description = lib.mdDoc "Hashed password for the user";
};
};
config = {
# I was told, that this solves some nasty problems:
programs.zsh.enable = true;
users = {
groups = {
plugdev.members = ["soispha"];
};
mutableUsers = false;
users.soispha = {
isNormalUser = true;
home = "/home/soispha";
createHome = true;
shell = pkgs.zsh;
initialHashedPassword = cfg.hashedPassword;
extraGroups = [
"plugdev" # although deprecated, this helps with old udev rules, that still use this group. TODO check for an open issue
"wheel"
"networkmanager" # if I activate network-manager, this will help
"libvirtd" # needed to run libvirt stuff as this user
];
uid = 1000;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
];
};
};
# system.activationScripts.home_permissions =
# pkgs.lib.stringAfter ["users"]
# ''
# mkdir /home/soispha
# chmod 700 /home/soispha
# chown -hR soispha:users /home/soispha
# '';
};
}
|