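# NixOS module that declares the primary PubSolarOS user.
#
# It defines the `pub-solar.user.*` options and maps them onto `users.users`,
# the user's SSH authorized keys and, optionally, a NOPASSWD sudo rule.
{
  config,
  pkgs,
  lib,
  flake,
  ...
}: let
  psCfg = config.pub-solar;
in
  with lib; {
    imports = [
      ./home.nix
    ];

    options.pub-solar = {
      user = {
        # NOTE(review): the type admits null, but the value is interpolated
        # into an attribute name below, so null cannot evaluate successfully.
        name = mkOption {
          description = "User login name";
          type = types.nullOr types.str;
          default = "nixos";
        };
        description = mkOption {
          description = "User description";
          type = types.nullOr types.str;
          default = "The main PubSolarOS user";
        };
        # This value is passed unchanged to `initialHashedPassword`, so it must
        # be a password hash, never the plaintext. Option values are written to
        # the world-readable Nix store; consider `hashedPasswordFile` if the
        # hash should stay out of the store.
        password = mkOption {
          description = "Hashed user password (crypt(3) hash, e.g. from mkpasswd); applied as initialHashedPassword";
          type = types.nullOr types.str;
          default = null;
        };
        # Root-equivalent access without re-authentication; keep the default
        # (false) unless the machine's threat model explicitly allows it.
        passwordlessSudo = mkOption {
          description = "Whether this user can use sudo without entering a password";
          type = types.bool;
          default = false;
        };
        publicKeys = mkOption {
          description = "User SSH public keys";
          type = types.listOf types.str;
          default = [];
        };
        fullName = mkOption {
          description = "User full name";
          type = types.nullOr types.str;
          default = null;
        };
        email = mkOption {
          description = "User email address";
          type = types.nullOr types.str;
          default = null;
        };
        gpgKeyId = mkOption {
          description = "GPG Key ID";
          type = types.nullOr types.str;
          default = null;
        };
      };
    };

    config = {
      users = {
        # Accounts are fully declarative: the user and group files are
        # regenerated from this configuration on activation.
        mutableUsers = false;

        users.${psCfg.user.name} = {
          # Indicates whether this is an account for a “real” user.
          # This automatically sets group to users, createHome to true,
          # home to /home/username, useDefaultShell to true, and isSystemUser to false.
          isNormalUser = true;
          description = psCfg.user.description;
          # "wheel" makes this an administrative account (sudo-capable).
          extraGroups = [
            "input"
            "lp"
            "networkmanager"
            "scanner"
            "video"
            "dialout"
            "wheel"
          ];
          shell = pkgs.bash;
          # SECURITY NOTE(review): when no hash is configured this falls back
          # to the empty string, which NixOS treats as "log in locally without
          # a password". That suits a live/installer image but not an
          # installed system, where `pub-solar.user.password` should be set.
          # The fallback is kept as-is because it looks deliberate -- confirm.
          initialHashedPassword =
            if psCfg.user.password != null
            then psCfg.user.password
            else "";
          # Every key listed in the flake-wide `publicKeys` can log in as this
          # wheel user, in addition to the per-user keys; review both lists.
          # `publicKeys` is typed `listOf str`, so it is never null here.
          openssh.authorizedKeys.keys =
            flake.self.publicKeys ++ psCfg.user.publicKeys;
        };
      };

      # Opt-in only: grants the user every command via sudo with NOPASSWD.
      security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [
        {
          users = [psCfg.user.name];
          commands = [
            {
              command = "ALL";
              options = ["NOPASSWD"];
            }
          ];
        }
      ];
    };
  }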