mochi/nixos/profiles/global/users.nix

55 lines
1.5 KiB
Nix

{ pkgs, config, ... }:
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
sops.secrets = {
jahanson-password = {
sopsFile = ./secrets.sops.yaml;
neededForUsers = true;
};
};
users = {
groups = {
kah = {
gid = 568;
};
};
users = {
kah = {
isSystemUser = true;
group = "kah";
uid = 568;
};
jahanson = {
isNormalUser = true;
shell = pkgs.fish;
hashedPasswordFile = config.sops.secrets.jahanson-password.path;
extraGroups =
[
"wheel"
"kah"
]
++ ifTheyExist [
"network"
"samba-users"
"docker"
"podman"
"audio" # pulseaudio
"libvirtd"
"wireshark"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDJtqzSFK3MN12Lo3Y4DnzJV5NiygIPkR+gun5oEb2q jahanson@legiondary"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w jahanson@durincore"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcLI5qN69BuoLp8p7nTYKoLdsBNmZB31OerZ63Car1g jahanson@telchar"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHwUOBEd0z2Jh6qJi4JeJbWdbU665E8/cP44iaUjW1DA jahanson@shadowfax"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPHzVi4xC6aLYsC4iiIX9rBfEh/FkWZilukLxmfjU9DE jahanson@gandalf"
];
};
};
};
}