nixos-config/base/users.nix

{
  config,
  lib,
  pkgs,
  ...
}: let
  secrets = config.my.secrets;
in {
  users.mutableUsers = false;
  users.users.root = {
    passwordFile = config.age.secrets."users/root-hashed-password".path;
  };
  users.users.alarsyo = {
    passwordFile = config.age.secrets."users/alarsyo-hashed-password".path;
    isNormalUser = true;
    extraGroups = [
      "media"
      "networkmanager"
      "video" # for `light` permissions
      "docker"
      "wheel" # Enable ‘sudo’ for the user.
    ];
    shell = pkgs.fish;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMbf1C55Hgprm4Y7iNHae2UhZbLa6SNeurDTOyq2tr1G alarsyo@yubikey"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"
    ];
  };
}
-												base: setup default config

											
										
										
											2021-02-14 13:18:13 +01:00
+								{
-												format all code with alejandra

											
										
										
											2022-04-10 11:54:58 +02:00
+								  config,
 								  lib,
 								  pkgs,
 								  ...
 								}: let
 								  secrets = config.my.secrets;
 								in {
-												base: setup default config

											
										
										
											2021-02-14 13:18:13 +01:00
+								  users.mutableUsers = false;
 								  users.users.root = {
-												secrets: move hashed passwords to agenix

											
										
										
											2022-01-18 11:41:37 +01:00
+								    passwordFile = config.age.secrets."users/root-hashed-password".path;
-												base: setup default config

											
										
										
											2021-02-14 13:18:13 +01:00
+								  };
 								  users.users.alarsyo = {
-												secrets: move hashed passwords to agenix

											
										
										
											2022-01-18 11:41:37 +01:00
+								    passwordFile = config.age.secrets."users/alarsyo-hashed-password".path;
-												base: setup default config

											
										
										
											2021-02-14 13:18:13 +01:00
+								    isNormalUser = true;
-												base: add main user to media group

											
										
										
											2021-02-19 21:46:19 +01:00
+								    extraGroups = [
 								      "media"
-												boreal: initial setup

											
										
										
											2021-04-16 21:33:48 +02:00
+								      "networkmanager"
-												base: users: add alarsyo to video group

											
										
										
											2021-07-24 01:30:54 +02:00
+								      "video" # for `light` permissions
-												poseidon: enable docker and docker-compose

											
										
										
											2021-07-12 17:14:52 +02:00
+								      "docker"
-												base: add main user to media group

											
										
										
											2021-02-19 21:46:19 +01:00
+								      "wheel" # Enable ‘sudo’ for the user.
 								    ];
-												base: setup default config

											
										
										
											2021-02-14 13:18:13 +01:00
+								    shell = pkgs.fish;
 								    openssh.authorizedKeys.keys = [
-												base: use yubikey ssh key for login

											
										
										
											2022-11-14 19:28:56 +01:00
+								      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMbf1C55Hgprm4Y7iNHae2UhZbLa6SNeurDTOyq2tr1G alarsyo@yubikey"
-												base: setup default config

											
										
										
											2021-02-14 13:18:13 +01:00
+								      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"
 								    ];
 								  };
 								}