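# NixOS module: declares the `pub-solar.user` options and derives the primary
# user account (and, optionally, a passwordless sudo rule) from them.
{ config, pkgs, lib, ... }:
let
  psCfg = config.pub-solar;
in
with lib;
{
  imports = [
    ./home.nix
  ];

  options.pub-solar = {
    user = {
      name = mkOption {
        description = "User login name";
        type = types.nullOr types.str;
        default = "nixos";
      };
      description = mkOption {
        description = "User description";
        type = types.nullOr types.str;
        default = "The main PubSolarOS user";
      };
      password = mkOption {
        # The value is handed to `initialHashedPassword` below, so it must be a
        # password *hash*, never the plaintext: module values end up in the
        # world-readable Nix store, and a plaintext string is not a valid hash.
        description = "Hashed user password (e.g. generated with mkpasswd), used as initialHashedPassword. If null, the account gets an empty hashed password.";
        type = types.nullOr types.str;
        default = null;
      };
      passwordlessSudo = mkOption {
        description = "Whether this user can use sudo without entering a password";
        type = types.bool;
        default = false;
      };
      publicKeys = mkOption {
        description = "User SSH public keys";
        type = types.listOf types.str;
        default = [];
      };
      fullName = mkOption {
        description = "User full name";
        type = types.nullOr types.str;
        default = null;
      };
      email = mkOption {
        description = "User email address";
        type = types.nullOr types.str;
        default = null;
      };
      gpgKeyId = mkOption {
        description = "GPG Key ID";
        type = types.nullOr types.str;
        default = null;
      };
    };
  };

  config = {
    # Surface the insecure fallback at evaluation time instead of applying it
    # silently: with no hash configured the account below is created with an
    # empty hashed password while also being a member of "wheel".
    warnings = optional (psCfg.user.password == null)
      "pub-solar.user.password is not set: user '${psCfg.user.name}' is created with an empty hashed password. Set a password hash (mkpasswd) unless this is a live/installer image.";

    users = {
      # Accounts are defined only by this configuration.
      mutableUsers = false;

      users."${psCfg.user.name}" = {
        # Indicates whether this is an account for a "real" user.
        # This automatically sets group to users, createHome to true,
        # home to /home/username, useDefaultShell to true, and isSystemUser to false.
        isNormalUser = true;
        description = psCfg.user.description;
        # "wheel" grants administrative (sudo) rights; keep this list minimal.
        extraGroups = [ "input" "networkmanager" "video" "wheel" ];
        shell = pkgs.bash;
        # NOTE(security): the "" fallback is kept for backward compatibility.
        # An empty hashed password lets the user log in locally without being
        # asked for a password, which is only appropriate for live systems.
        initialHashedPassword =
          if psCfg.user.password != null
          then psCfg.user.password
          else "";
        # `publicKeys` is typed `listOf str` with default [], so it can never be
        # null and needs no fallback.
        openssh.authorizedKeys.keys = psCfg.user.publicKeys;
      };
    };

    # Opt-in only (default false): lets the user run every command through
    # sudo without authenticating. Combined with an empty password this gives
    # unauthenticated root from a local login.
    security.sudo.extraRules = mkIf psCfg.user.passwordlessSudo [
      {
        users = ["${psCfg.user.name}"];
        commands = [
          {
            command = "ALL";
            options = ["NOPASSWD"];
          }
        ];
      }
    ];
  };
}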