os/modules/user/default.nix

107 lines
2.7 KiB
Nix

{
config,
pkgs,
lib,
flake,
...
}: let
psCfg = config.pub-solar;
in
with lib; {
imports = [
./home.nix
];
options.pub-solar = {
user = {
name = mkOption {
description = "User login name";
type = types.nullOr types.str;
default = "nixos";
};
description = mkOption {
description = "User description";
type = types.nullOr types.str;
default = "The main PubSolarOS user";
};
password = mkOption {
description = "User password";
type = types.nullOr types.str;
default = null;
};
passwordlessSudo = mkOption {
description = "Whether this user can use sudo without entering a password";
type = types.bool;
default = false;
};
publicKeys = mkOption {
description = "User SSH public keys";
type = types.listOf types.str;
default = [];
};
fullName = mkOption {
description = "User full name";
type = types.nullOr types.str;
default = null;
};
email = mkOption {
description = "User email address";
type = types.nullOr types.str;
default = null;
};
gpgKeyId = mkOption {
description = "GPG Key ID";
type = types.nullOr types.str;
default = null;
};
};
};
config = {
users = {
mutableUsers = false;
users."${psCfg.user.name}" = {
# Indicates whether this is an account for a “real” user.
# This automatically sets group to users, createHome to true,
# home to /home/username, useDefaultShell to true, and isSystemUser to false.
isNormalUser = true;
description = psCfg.user.description;
extraGroups = [
"input"
"lp"
"networkmanager"
"scanner"
"video"
"dialout"
"wheel"
];
shell = pkgs.bash;
initialHashedPassword =
if psCfg.user.password != null
then psCfg.user.password
else "";
openssh.authorizedKeys.keys =
flake.self.publicKeys
++ (
if psCfg.user.publicKeys != null
then psCfg.user.publicKeys
else []
);
};
};
security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
};
}