From 3b76e4a8a87beeaa82dc322561d6a79ae28d348d Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Sun, 10 Mar 2024 17:26:25 -0500
Subject: [PATCH] added users that can be disabled

---
 hosts/horizon/configuration.nix |   5 +-
 users/default.nix               |   4 +-
 users/ester/default.nix         |  50 +++++++----
 users/eve/default.nix           |  54 ++++++++----
 users/leyla/default.nix         | 144 ++++++++++++++++++--------------
 users/remote/default.nix        |  30 +++++++
 6 files changed, 193 insertions(+), 94 deletions(-)
 create mode 100644 users/remote/default.nix

diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix
index 14520a0..c26438a 100644
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@@ -1,6 +1,5 @@
 # leyla laptop
 { config, pkgs, inputs, ... }:
-
 {
   imports =
     [
@@ -17,6 +16,10 @@
 
   sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
 
+  users.leyla.isNormalUser = true;
+  users.ester.isNormalUser = true;
+  users.eve.isNormalUser = true;
+
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
diff --git a/users/default.nix b/users/default.nix
index 8471c05..077fda5 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -1,6 +1,6 @@
-{...}:
+{ ... }:
 {
-  imports = [ ./leyla ./ester ./eve ];
+  imports = [ ./leyla ./ester ./eve ./remote ];
 
   users.mutableUsers = false;
 }
\ No newline at end of file
diff --git a/users/ester/default.nix b/users/ester/default.nix
index 3108fca..0f7f3be 100644
--- a/users/ester/default.nix
+++ b/users/ester/default.nix
@@ -1,23 +1,45 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.ester;
+in
 {
-  sops.secrets."passwords/ester" = {
-    neededForUsers = true;
-    # sopsFile = ../secrets.yaml;
+  options.users.ester = {
+    isNormalUser = lib.mkEnableOption "ester";
   };
 
-  # Define user accounts
-  users.users.ester = {
-    isNormalUser = true;
-    uid = 1001;
-    description = "Ester";
-    extraGroups = [ "networkmanager" ];
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/ester" = {
+        neededForUsers = true;
+        # sopsFile = ../secrets.yaml;
+      };
+    };
 
-    hashedPasswordFile = config.sops.secrets."passwords/ester".path;
+    users.groups.ester = {};
 
-    packages = with pkgs; [
-      firefox
-      bitwarden
-      discord
+    users.users.ester = lib.mkMerge [
+      {
+        uid = 1001;
+        description = "Ester";
+        group = "ester";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
+          extraGroups = [ "networkmanager" ];
+
+          hashedPasswordFile = config.sops.secrets."passwords/ester".path;
+
+          packages = with pkgs; [
+            firefox
+            bitwarden
+            discord
+          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
     ];
   };
 }
\ No newline at end of file
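Review bot: Nothing in this file says what a disabled `ester` is: the `else { isSystemUser = true; }` branch at the end of the `mkMerge` keeps the account, uid 1001 and the `ester` group on every host that imports `users/` and leaves `users.ester.isNormalUser` at its default of false. `lib.mkEnableOption "ester"` renders as "Whether to enable ester.", which hides that; something like `lib.mkEnableOption "a login account for ester (when false the uid is kept as a system user with no password configured)"` and a one-line comment above the `else` would make the intent reviewable. Because the default is off, any other host that used to get a login account and password secret from this module loses both unless it opts in; only `hosts/horizon` is updated in this patch, so that is worth stating in the commit message. The primary group also changes from the `isNormalUser` default to a private `ester` group, which existing files in the home directory will not follow. The same points apply to the `eve` and `leyla` hunks.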
diff --git a/users/eve/default.nix b/users/eve/default.nix
index c6ae188..d5b6f29 100644
--- a/users/eve/default.nix
+++ b/users/eve/default.nix
@@ -1,25 +1,47 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.eve;
+in
 {
-  sops.secrets."passwords/eve" = {
-    neededForUsers = true;
-    # sopsFile = ../secrets.yaml;
+  options.users.eve = {
+    isNormalUser = lib.mkEnableOption "eve";
   };
 
-  # Define user accounts
-  users.users.eve = {
-    isNormalUser = true;
-    uid = 1002;
-    description = "Eve";
-    extraGroups = [ "networkmanager" ];
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/eve" = {
+        neededForUsers = true;
+        # sopsFile = ../secrets.yaml;
+      };
+    };
 
-    hashedPasswordFile = config.sops.secrets."passwords/eve".path;
+    users.groups.eve = {};
 
-    packages = with pkgs; [
-      firefox
-      bitwarden
-      discord
-      makemkv
-      signal-desktop
+    users.users.eve = lib.mkMerge [
+      {
+        uid = 1002;
+        description = "Eve";
+        group = "eve";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
+          extraGroups = [ "networkmanager" ];
+
+          hashedPasswordFile = config.sops.secrets."passwords/eve".path;
+
+          packages = with pkgs; [
+            firefox
+            bitwarden
+            discord
+            makemkv
+            signal-desktop
+          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
     ];
   };
 }
\ No newline at end of file
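Review bot: The two conditionals in this file are written in different styles: `sops.secrets` uses `lib.mkIf cfg.isNormalUser`, while the second element of the `users.users.eve` `mkMerge` is a plain `if cfg.isNormalUser then … else …`. The plain `if` works here because `cfg.isNormalUser` does not depend on `users.users.eve`, but the module-system form reads the same way as the secrets block and stays safe if the condition ever grows: `(lib.mkIf cfg.isNormalUser { … })` followed by `(lib.mkIf (!cfg.isNormalUser) { isSystemUser = true; })`. The `ester`, `leyla` and `remote` hunks have the same mix. Separately, `options.users.eve` declares the toggle inside the `users.*` namespace that NixOS itself uses for `users.users` and `users.groups`; a project-specific prefix would rule out a later name clash.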
diff --git a/users/leyla/default.nix b/users/leyla/default.nix
index d902f51..7192d10 100644
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@@ -1,69 +1,91 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.leyla;
+in
 {
-  sops.secrets."passwords/leyla" = {
-    neededForUsers = true;
-    # sopsFile = ../secrets.yaml;
+  options.users.leyla = {
+    isNormalUser = lib.mkEnableOption "leyla";
   };
 
-  # Define user accounts
-  users.users.leyla = {
-    isNormalUser = true;
-    uid = 1000;
-    description = "Leyla";
-    extraGroups = [ "networkmanager" "wheel" ];
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/leyla" = {
+        neededForUsers = true;
+        # sopsFile = ../secrets.yaml;
+      };
+    };
 
-    hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
-    
-    packages = with pkgs; [
-      iputils
-      dnsutils
-      git
-      firefox
-      signal-desktop
-      obsidian
-      bitwarden
-      vscodium
-      nextcloud-client
-      inkscape
-      steam
-      discord
-      rhythmbox
-      makemkv
-      protonvpn-gui
-      transmission-gtk
-      freecad
-      mupen64plus
-      dbeaver
-      easytag
-      cura
-      kicad-small
-#        jdk
-#        android-tools
-#        android-studio
-      androidStudioPackages.canary
-      jetbrains.idea-community
-      ungoogled-chromium
-      nodejs
-      exiftool
-      libreoffice
-      # N64 Emulator
-      mupen64plus
-      # GameCube Emulator and Wii Emulator
-      dolphin-emu
-      # Switch Emulator
-      yuzu-mainline
-      # Atari 2600 Emulator
-      stella
-      # mame Emulator
-      mame
-      # Game Boy Advanced Emulator
-      vbam
-      # NES Emulator
-      fceux
-      # SNES Emulator
-      zsnes
-      # DS Emulator
-      desmume
+    users.groups.leyla = {};
+
+    users.users.leyla = lib.mkMerge [
+      {
+        uid = 1000;
+        description = "Leyla";
+        group = "leyla";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
+          extraGroups = [ "networkmanager" "wheel" ];
+
+          hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
+          
+          packages = with pkgs; [
+            iputils
+            dnsutils
+            git
+            firefox
+            signal-desktop
+            obsidian
+            bitwarden
+            vscodium
+            nextcloud-client
+            inkscape
+            steam
+            discord
+            rhythmbox
+            makemkv
+            protonvpn-gui
+            transmission-gtk
+            freecad
+            mupen64plus
+            dbeaver
+            easytag
+            cura
+            kicad-small
+      #        jdk
+      #        android-tools
+      #        android-studio
+            androidStudioPackages.canary
+            jetbrains.idea-community
+            ungoogled-chromium
+            nodejs
+            exiftool
+            libreoffice
+            # N64 Emulator
+            mupen64plus
+            # GameCube Emulator and Wii Emulator
+            dolphin-emu
+            # Switch Emulator
+            yuzu-mainline
+            # Atari 2600 Emulator
+            stella
+            # mame Emulator
+            mame
+            # Game Boy Advanced Emulator
+            vbam
+            # NES Emulator
+            fceux
+            # SNES Emulator
+            zsnes
+            # DS Emulator
+            desmume
+          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
     ];
   };
 }
\ No newline at end of file
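Review bot: `extraGroups = [ "networkmanager" "wheel" ]` now lives only in the enabled branch, and `leyla` is the only account in this patch that is given `wheel`, so a host that imports `users/` without setting `users.leyla.isNormalUser` gets no administrator with a password from these modules while `users.mutableUsers = false` is in force. As far as I know NixOS's lock-out assertion turns that into an evaluation failure rather than an unreachable machine, but the message will not point at this option; a comment next to `options.users.leyla` such as `# at least one host must enable this (or define another wheel user), see users.mutableUsers` would save the next reader the search. Two smaller things carried over by the re-indent: `mupen64plus` is listed twice in `packages`, and the three commented `jdk`/`android-*` lines no longer line up with the list they belong to.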
diff --git a/users/remote/default.nix b/users/remote/default.nix
new file mode 100644
index 0000000..491bc51
--- /dev/null
+++ b/users/remote/default.nix
@@ -0,0 +1,30 @@
+{  lib, config, ... }:
+let
+  cfg = config.users.remote;
+in
+{
+  options.users.remote = {
+    isNormalUser = lib.mkEnableOption "remote";
+  };
+
+  config.users = {
+    groups.remote = {};
+
+    users.remote = lib.mkMerge [
+      {
+        uid = 2000;
+        group = "remote";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          # extraGroups = [ "wheel" ];
+          isNormalUser = true;
+          openssh.authorizedKeys.keys = [];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
+  };
+}
\ No newline at end of file
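Review bot: The enabled branch sets `openssh.authorizedKeys.keys = []` and no password source, so a host that turns on `users.remote.isNormalUser` gets an account nobody can authenticate to until keys are added somewhere else. Since list options merge, the empty list is a no-op; dropping it and adding a comment like `# hosts set users.users.remote.openssh.authorizedKeys.keys themselves` makes clear where the per-host keys belong, instead of suggesting they are managed in this shared file. The file also has no `description` and no comment on what the account is for or why `# extraGroups = [ "wheel" ]` is parked there; a key-only account in `wheel` has no password for sudo, so the intended privilege level should be written down before that line is ever uncommented. Unlike the three personal accounts there are no existing files whose ownership needs a reserved uid, so it may be cleaner to wrap the whole `config.users` block in `lib.mkIf cfg.isNormalUser` rather than create a `remote` system user on every host that imports `users/`.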