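# Primary-user module: declares the account named by configVars.username,
# its groups and shell, and (outside minimal environments) its home-manager
# configuration. String literals below are restored from the page's
# character-spaced rendering; no option or value has been changed.
{ pkgs, inputs, config, lib, configVars, configLib, self, ... }:
let
  # Keep only the group names that are actually declared in config.users.groups,
  # so the user is never added to a group this host does not define.
  ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;

  # sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."${configVars.username}/password".path;
  # pubKeys = lib.filesystem.listFilesRecursive (./keys);

  # these are values we don't want to set if the environment is minimal. E.g. ISO or nixos-installer
  # isMinimal is true in the nixos-installer/flake.nix
  # lib.optionalAttrs yields {} when isMinimal is true, so none of this is set there.
  fullUserConfig = lib.optionalAttrs (!configVars.isMinimal)
    {
      users.users.${configVars.username} = {
        # hashedPasswordFile = sopsHashedPasswordFile;
        packages = [ pkgs.home-manager ];
      };

      # Import this user's personal/home configurations
      # The file is selected per user and per host: home/<username>/<hostName>.nix
      home-manager.users.${configVars.username} = import (configLib.relativeToRoot "home/${configVars.username}/${config.networking.hostName}.nix");
    };
in
{
  # recursiveUpdate merges the two attrsets key by key; where both define the
  # same leaf, the second argument (the always-applied settings) wins.
  config = lib.recursiveUpdate fullUserConfig
    #this is the second argument to recursiveUpdate
    {
      users.mutableUsers = false; # Only allow declarative credentials; Required for sops
      users.users.${configVars.username} = {
        isNormalUser = true;

        # Default password
        # NOTE(review): the hashedPasswordFile assignment above is commented out,
        # so within this file nothing overrides this hash. With
        # users.mutableUsers = false it is then the effective credential of an
        # account that is unconditionally in "wheel".
        # The hash is committed to the repository and NixOS copies hashedPassword
        # into the world-readable Nix store, so treat it as exposed to offline
        # guessing: re-enable the sops-managed hashedPasswordFile and rotate this
        # password on every host built from this config.
        # presumably another module may still set hashedPasswordFile - verify.
        hashedPassword = "$6$gqmjBcKTV.mEEFHT$00sEfU1PmYpteavq3ihu5GfxWjnG3wKB56TlyhC3f/XTDg2W/SGH1d78eNRdazHR0/5wiCJmHRNgRaRAP1mpP/"; # Overridden if sops is working

        # "wheel" is always granted; the remaining groups only if the host defines them.
        # NOTE(review): membership in "docker" is commonly root-equivalent on
        # hosts running the Docker daemon - confirm this is intended.
        extraGroups = [
          "wheel"
        ] ++ ifTheyExist [
          "audio"
          "video"
          "docker"
          "git"
          "networkmanager"
        ];

        # These get placed into /etc/ssh/authorized_keys.d/<name> on nixos
        # openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);

        shell = pkgs.zsh; # default shell
      };

      # Proper root use required for borg and some other specific operations
      # users.users.root = {
      #   hashedPasswordFile = config.users.users.${configVars.username}.hashedPasswordFile;
      #   password = lib.mkForce config.users.users.${configVars.username}.password;
      #   # root's ssh keys are mainly used for remote deployment.
      #   openssh.authorizedKeys.keys = config.users.users.${configVars.username}.openssh.authorizedKeys.keys;
      #};

      # No matter what environment we are in we want these tools for root, and the user(s)
      programs.zsh.enable = true;
      programs.git.enable = true;
      environment.systemPackages = with pkgs; [
        just
        rsync
      ];
    };
}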