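# vim: ts=2
#
# NixOS module that declares the interactive account `soispha`.
#
# It exposes one option, `soispha.users.hashedPassword`, and uses it as the
# account's password hash. It also fixes the uid, login shell, supplementary
# groups and the SSH public key that may log in as this user.
{ config, pkgs, lib, ... }: let
  cfg = config.soispha.users;
in {
  options.soispha.users = {
    # enable = lib.mkEnableOption (lib.mdDoc "users");

    # NOTE(review): lib.mdDoc appears to be deprecated in newer nixpkgs
    # releases - confirm against the pinned nixpkgs before upgrading.
    hashedPassword = lib.mkOption {
      type = lib.types.str;
      # Plain string instead of lib.literalExpression: literalExpression renders
      # its argument verbatim as Nix code, so the unquoted hash would not be a
      # valid expression in the generated option documentation.
      example = "$y$jFT$ONrCqZIJKB7engmfA4orD/$0GO58/wV5wrYWj0cyONhyujZPjFmbT0XKtx2AvXLG0B";
      # NOTE(review): this default is a real yescrypt (`$y$`) hash committed with
      # the module. Every host that imports the module without overriding
      # `soispha.users.hashedPassword` gets the same password, and the hash is
      # open to offline guessing by anyone who can read the repository or the
      # world-readable Nix store. The default is kept so existing hosts keep
      # evaluating; prefer a per-host override, or a hash read from a file
      # outside the store (e.g. `hashedPasswordFile` on the user, fed by a
      # secrets tool) - confirm that option exists in the pinned nixpkgs.
      default = "$y$jFT$ONrCqZIJKB7engmfA4orD/$0GO58/wV5wrYWj0cyONhyujZPjFmbT0XKtx2AvXLG0B";
      description = lib.mdDoc "Hashed password for the user";
    };
  };

  config = {
    # I was told, that this solves some nasty problems:
    programs.zsh.enable = true;

    users = {
      groups = {
        plugdev.members = ["soispha"];
      };

      # Accounts are fully declarative: users, groups and passwords come from
      # this configuration on every activation, so a password changed with
      # `passwd` is not persisted. Rotating the password means changing
      # `soispha.users.hashedPassword` and rebuilding.
      mutableUsers = false;

      users.soispha = {
        isNormalUser = true;
        home = "/home/soispha";
        createHome = true;
        shell = pkgs.zsh;
        # With mutableUsers = false this is presumably treated like
        # `hashedPassword` (applied on each activation, not only at account
        # creation) - verify against the NixOS manual for the pinned release.
        initialHashedPassword = cfg.hashedPassword;
        # Group membership is the privilege boundary of this account:
        # "wheel" normally grants sudo on NixOS, and "libvirtd" allows managing
        # system VMs, which is commonly treated as root-equivalent on the host.
        # Together with password and SSH login, a compromise of this account
        # should be assumed to be a compromise of the machine.
        extraGroups = [
          "plugdev" # although deprecated, this helps with old udev rules, that still use this group. TODO check for an open issue
          "wheel"
          "networkmanager" # if I activate network-manager, this will help
          "libvirtd" # needed to run libvirt stuff as this user
          "scanner" # needed for permission to access the scanner
        ];
        uid = 1000;
        # Public key only, so it is safe to publish. It grants login as this
        # user wherever sshd is enabled; remove it here and rebuild to revoke.
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBFuTNNn71Rhfnop2cdz3r/RhWWlCePnSBOhTBbu2ME soispha"
        ];
      };
    };

    # Disabled: manual creation and lock-down (mode 700) of the home directory.
    # NOTE(review): `createHome = true` above already creates the directory;
    # confirm the resulting mode is as restrictive as intended before deleting
    # this for good.
    # system.activationScripts.home_permissions =
    #   pkgs.lib.stringAfter ["users"]
    #   ''
    #     mkdir /home/soispha
    #     chmod 700 /home/soispha
    #     chown -hR soispha:users /home/soispha
    #   '';
  };
}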