satellite/hosts/nixos/common/users/pilot.nix


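# NixOS module declaring the primary ("pilot") user: login name, password
# hash sourced from sops, group membership, SSH authorized keys, and the
# permissions of the persisted `.ssh` directory.
{
  pkgs,
  outputs,
  config,
  lib,
  ...
}:
{
  # This is its own attribute in order to prevent infinite recursion
  # in certain places.
  satellite.pilot.name = lib.mkDefault "adrielus";

  # {{{ Password handling
  # The password hash is kept in the sops-encrypted secrets file rather than
  # in the configuration itself. `neededForUsers` makes sops-nix decrypt it
  # before user accounts are created, so `hashedPasswordFile` below can read it.
  sops.secrets.pilot_password = {
    sopsFile = ../secrets.yaml;
    neededForUsers = true;
  };
  # }}}

  users = {
    # Configure users through nix only. With this off, accounts and passwords
    # changed imperatively (`useradd`, `passwd`) are reset on activation, so
    # the declared state below is the only source of truth.
    mutableUsers = false;

    # {{{ Create pilot user
    users.pilot = {
      inherit (config.satellite.pilot) name;

      # This gets referenced in other parts of the config
      uid = 1000;

      # Adds me to some default groups, and creates the home dir
      isNormalUser = true;

      # Picked up by our persistence module
      homeMode = "700";

      # Add user to the following groups
      extraGroups = [
        "wheel" # Access to sudo (effectively root-equivalent)
        "lp" # Printers
        "audio" # Audio devices
        "video" # Webcam and the like
        "network" # wpa_supplicant
        "syncthing" # syncthing!
      ];

      # Path of the decrypted secret declared above; only the hash is read.
      hashedPasswordFile = config.sops.secrets.pilot_password.path;
      shell = pkgs.fish;

      # The key list comes from ./common.nix (not shown here). Every key it
      # returns can log in as this wheel member, so review changes to that
      # list with the same care as changes to sudo access.
      openssh.authorizedKeys.keyFiles = (import ./common.nix).authorizedKeys { inherit outputs lib; };
    };
    # }}}
  };

  # {{{ Set user-specific ssh permissions
  # This is mainly useful because home-manager can often fail if the perms on
  # `~/.ssh` are incorrect.
  #
  # The directory is owner-only (0700) and the private keys are 0600: private
  # keys need no execute bit, and OpenSSH refuses keys that are accessible to
  # group or others.
  # NOTE(review): the /persist copy may not be covered by the home directory's
  # 700 mode; confirm the modes of the parent directories under /persist.
  #
  # The key rules use `z`, which tmpfiles.d documents as adjusting mode and
  # ownership of an existing file or directory without creating it. The
  # previous `e` type is documented for directories only, so it may not have
  # been applied to these regular files.
  systemd.tmpfiles.rules =
    let
      user = config.users.users.pilot;
      ssh = "/persist/state/${user.home}/ssh/.ssh";
    in
    [
      "d ${ssh} 0700 ${user.name} ${user.group}"
      "z ${ssh}/id_rsa 0600 ${user.name} ${user.group}"
      "z ${ssh}/id_ed25519 0600 ${user.name} ${user.group}"
    ];
  # }}}
}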