path: root/modules/by-name/us/users/module.nix
# nixos-config - My current NixOS configuration
#
# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
# SPDX-License-Identifier: GPL-3.0-or-later
#
# This file is part of my nixos-config.
#
# You should have received a copy of the License along with this program.
# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
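# NixOS module that declares the `soispha` login user and locks down `root`.
#
# When `soispha.users.enable` is set, the module:
#   - enables zsh, which is used as the user's login shell,
#   - makes the user database declarative (`users.mutableUsers = false`),
#   - creates `soispha` (uid 1000) with the configured groups, password hash
#     and SSH authorized keys,
#   - forces `root` to have no password hash and no SSH authorized keys,
#   - registers home-manager entries for both accounts.
{
  config,
  pkgs,
  lib,
  ...
}: let
  cfg = config.soispha.users;
in {
  options.soispha.users = {
    enable = lib.mkEnableOption "user set-up for soispha";

    # NOTE(review): like any plain option value, this hash is evaluated into
    # the system configuration and therefore lands in the Nix store, which is
    # readable by every local user (and by anyone with access to a binary cache
    # or repository holding it). Treat it as offline-crackable material: use a
    # strong password, or consider `users.users.<name>.hashedPasswordFile`
    # pointing at a secret that is provisioned outside the store.
    hashedPassword = lib.mkOption {
      type = lib.types.str;
      # A plain string is used here (not `lib.literalExpression`), so that the
      # generated documentation renders a quoted, valid Nix string.
      example = "$y$jFT$ONrCqZIJKB7engmfA4orD/$0GO58/wV5wrYWj0cyONhyujZPjFmbT0XKtx2AvXLG0B";
      description = "The hashed password of the user";
    };

    # "wheel" is the default here; on NixOS that group is conventionally the
    # one allowed to use sudo, so overriding this list changes who can reach
    # root once the root account itself is locked below.
    groups = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = ["wheel"];
      description = "The groups the soispha user should be part of";
    };

    # Every key listed here can log in as `soispha` over SSH on each host that
    # enables this module. The default keeps the previously hard-coded key, so
    # existing hosts behave as before; hosts can now override the list.
    authorizedKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIME4ZVa+IoZf6T3U08JG93i6QIAJ4amm7mkBzO14JSkz"
      ];
      description = "The SSH public keys that are authorized to log in as the soispha user";
    };

    # Although deprecated, this helps with old udev rules, that still use this group.
    # TODO: Try to find a way to remove this option (i.e. set it always to false).
    enableDeprecatedPlugdev = lib.mkEnableOption "the deprecated plugdev group for the user";
  };

  config = lib.mkIf cfg.enable {
    # Ensure that the default shell of the user is actually enabled.
    programs.zsh.enable = true;

    users = {
      # Accounts are fully declarative: users, groups and passwords changed
      # imperatively (`useradd`, `passwd`, ...) are reset on the next activation.
      mutableUsers = false;

      users = {
        soispha = {
          isNormalUser = true;
          home = "/home/soispha";
          createHome = true;
          shell = pkgs.zsh;
          # With `mutableUsers = false` the NixOS option documentation describes
          # `initialHashedPassword` as equivalent to `hashedPassword`, i.e. the
          # hash is re-applied on every activation rather than only at creation.
          initialHashedPassword = cfg.hashedPassword;
          # "plugdev" is only appended when the deprecated option is enabled.
          extraGroups = cfg.groups ++ lib.optional cfg.enableDeprecatedPlugdev "plugdev";

          uid = 1000;
          openssh.authorizedKeys.keys = cfg.authorizedKeys;
        };

        root = {
          # `mkForce` overrides whatever other modules set for root, so no
          # password hash and no SSH key from elsewhere in the configuration
          # can re-open direct root logins.
          # NOTE(review): `null` means "no password set"; confirm that the
          # resulting /etc/shadow entry is actually locked (`!`). Setting the
          # hash to "!" explicitly would state the intent directly.
          hashedPassword = lib.mkForce null; # to lock root
          openssh.authorizedKeys.keys = lib.mkForce [];
        };
      };
    };

    home-manager.users = {
      soispha.home = {
        username = "soispha";
        # Taken from the NixOS user definition above, so both stay in sync.
        homeDirectory = config.users.users.soispha.home;
        stateVersion = "23.05";
        enableNixpkgsReleaseCheck = true;
      };

      root.home = {
        username = "root";
        homeDirectory = config.users.users.root.home;
        stateVersion = "23.05";
        enableNixpkgsReleaseCheck = true;
      };
    };
  };
}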