os/modules/user/default.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

102 lines
2.4 KiB
Nix
Raw Normal View History

2021-05-30 19:10:28 +00:00
{
2022-11-20 22:28:23 +00:00
config,
pkgs,
2024-01-06 09:46:10 +00:00
lib,
2022-11-20 22:28:23 +00:00
...
2024-01-06 09:46:10 +00:00
}: let
psCfg = config.pub-solar;
in
with lib; {
imports = [
./home.nix
];
2021-05-30 19:10:28 +00:00
options.pub-solar = {
user = {
name = mkOption {
description = "User login name";
type = types.nullOr types.str;
default = "nixos";
};
2021-11-17 11:05:50 +00:00
description = mkOption {
description = "User description";
type = types.nullOr types.str;
default = "The main PubSolarOS user";
};
2021-05-30 19:10:28 +00:00
password = mkOption {
description = "User password";
type = types.nullOr types.str;
default = null;
};
2024-01-06 09:46:10 +00:00
passwordlessSudo = mkOption {
description = "Whether this user can use sudo without entering a password";
type = types.bool;
default = false;
};
2022-01-31 16:35:00 +00:00
publicKeys = mkOption {
description = "User SSH public keys";
type = types.listOf types.str;
2022-01-31 16:35:00 +00:00
default = [];
};
2021-05-30 19:10:28 +00:00
fullName = mkOption {
description = "User full name";
type = types.nullOr types.str;
default = null;
};
email = mkOption {
description = "User email address";
type = types.nullOr types.str;
default = null;
};
gpgKeyId = mkOption {
description = "GPG Key ID";
type = types.nullOr types.str;
default = null;
};
};
};
2024-01-06 09:46:10 +00:00
config = {
users = {
mutableUsers = false;
users."${psCfg.user.name}" = {
# Indicates whether this is an account for a “real” user.
# This automatically sets group to users, createHome to true,
# home to /home/username, useDefaultShell to true, and isSystemUser to false.
isNormalUser = true;
description = psCfg.user.description;
extraGroups = [
"input"
"lp"
"networkmanager"
"scanner"
"video"
"wheel"
];
shell = pkgs.bash;
initialHashedPassword =
if psCfg.user.password != null
then psCfg.user.password
else "";
openssh.authorizedKeys.keys =
if psCfg.user.publicKeys != null
then psCfg.user.publicKeys
else [];
};
};
security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [
{
users = ["${psCfg.user.name}"];
commands = [
{
command = "ALL";
options = ["NOPASSWD"];
}
];
}
];
};
2021-05-30 19:10:28 +00:00
}