From bbda84ca261397086f866ece115c4ec9111d4d02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?=
Date: Tue, 16 Apr 2024 10:51:59 +0200
Subject: Try to improve the code
---
nixos/modules/users.nix | 78 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 nixos/modules/users.nix
(limited to 'nixos/modules/users.nix')
diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix
new file mode 100644
index 0000000..d169423
--- /dev/null
+++ b/nixos/modules/users.nix
@@ -0,0 +1,78 @@
+{
+ pkgs,
+ config,
+ ...
+}: let
+ isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform;
+ isArm = config.nixpkgs.hostPlatform.isAarch;
+in {
+ users = {
+ mutableUsers = false;
+ groups.cynerd.gid = 1000;
+ users = {
+ root = {
+ hashedPasswordFile = "/run/secrets/root.pass";
+ };
+ cynerd = {
+ group = "cynerd";
+ extraGroups = ["users" "wheel" "dialout" "kvm" "uucp" "wireshark" "leds"];
+ uid = 1000;
+ subUidRanges = [
+ {
+ count = 65534;
+ startUid = 10000;
+ }
+ ];
+ subGidRanges = [
+ {
+ count = 65534;
+ startGid = 10000;
+ }
+ ];
+ isNormalUser = true;
+ createHome = true;
+ shell =
+ if isNative
+ then pkgs.zsh.out
+ else pkgs.bash.out;
+ hashedPasswordFile = "/run/secrets/cynerd.pass";
+ openssh.authorizedKeys.keyFiles = [
+ (config.personal-secrets + "/unencrypted/git-private.pub")
+ ];
+ };
+ };
+ };
+
+ security.sudo.extraRules = [
+ {
+ groups = ["wheel"];
+ commands = ["ALL"];
+ }
+ ];
+
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+
+ programs = {
+ zsh = {
+ enable = isNative;
+ syntaxHighlighting.enable = isNative;
+ };
+ shellrc = true;
+ vim.defaultEditor = isArm;
+ neovim = {
+ enable = !isArm;
+ defaultEditor = true;
+ withNodeJs = true;
+ };
+
+ wireshark.enable = true;
+ };
+
+ programs.fuse.userAllowOther = true;
+}
-- cgit v1.2.3
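Review bot: With `mutableUsers = false`, the only password source for `root` and `cynerd` is the two `hashedPasswordFile` paths under `/run/secrets`, and nothing in this file ensures those files exist when the users are activated. If they are missing at that point the accounts would presumably end up without a usable password, and since the `wheel` sudo rule carries no `NOPASSWD` option, `cynerd` could still log in with the SSH key but not escalate. I would add a comment next to both settings, e.g. `# must be provisioned before user activation; see the secrets module`, or an assertion that the secrets module is enabled. Separately, `programs.fuse.userAllowOther = true` at the end of the file lets FUSE mounts be opened to other users (root included) on every host, and it deserves a one-line comment naming the workflow that needs it.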