added users that can be disabled

2024-03-10 17:26:25 -05:00 · 2024-03-10 17:26:25 -05:00 · 3b76e4a8a8
commit 3b76e4a8a8
parent b60bacf752
6 changed files with 193 additions and 94 deletions
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@ -1,6 +1,5 @@
 # leyla laptop
 { config, pkgs, inputs, ... }:
 {
  imports =
    [
@ -17,6 +16,10 @@
  sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
  users.leyla.isNormalUser = true;
  users.ester.isNormalUser = true;
  users.eve.isNormalUser = true;
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
--- a/users/default.nix
+++ b/users/default.nix
@ -1,6 +1,6 @@
 { ... }:
 {
-  imports = [ ./leyla ./ester ./eve ];
+  imports = [ ./leyla ./ester ./eve ./remote ];
  users.mutableUsers = false;
 }
--- a/users/ester/default.nix
+++ b/users/ester/default.nix
@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
 let
  cfg = config.users.ester;
 in
 {
-  sops.secrets."passwords/ester" = {
+  options.users.ester = {
    isNormalUser = lib.mkEnableOption "ester";
  };
  config = {
    sops.secrets = lib.mkIf cfg.isNormalUser {
      "passwords/ester" = {
        neededForUsers = true;
        # sopsFile = ../secrets.yaml;
      };
    };
-  # Define user accounts
+    users.groups.ester = {};
-  users.users.ester = {
+
-    isNormalUser = true;
+    users.users.ester = lib.mkMerge [
      {
        uid = 1001;
        description = "Ester";
        group = "ester";
      }
      (
        if cfg.isNormalUser then {
          isNormalUser = true;
          extraGroups = [ "networkmanager" ];
          hashedPasswordFile = config.sops.secrets."passwords/ester".path;
@ -19,5 +36,10 @@
            bitwarden
            discord
          ];
        } else {
          isSystemUser = true;
        }
      )
    ];
  };
 }
--- a/users/eve/default.nix
+++ b/users/eve/default.nix
@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
 let
  cfg = config.users.eve;
 in
 {
-  sops.secrets."passwords/eve" = {
+  options.users.eve = {
    isNormalUser = lib.mkEnableOption "eve";
  };
  config = {
    sops.secrets = lib.mkIf cfg.isNormalUser {
      "passwords/eve" = {
        neededForUsers = true;
        # sopsFile = ../secrets.yaml;
      };
    };
-  # Define user accounts
+    users.groups.eve = {};
-  users.users.eve = {
+
-    isNormalUser = true;
+    users.users.eve = lib.mkMerge [
      {
        uid = 1002;
        description = "Eve";
        group = "eve";
      }
      (
        if cfg.isNormalUser then {
          isNormalUser = true;
          extraGroups = [ "networkmanager" ];
          hashedPasswordFile = config.sops.secrets."passwords/eve".path;
@ -21,5 +38,10 @@
            makemkv
            signal-desktop
          ];
        } else {
          isSystemUser = true;
        }
      )
    ];
  };
 }
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
 let
  cfg = config.users.leyla;
 in
 {
-  sops.secrets."passwords/leyla" = {
+  options.users.leyla = {
    isNormalUser = lib.mkEnableOption "leyla";
  };
  config = {
    sops.secrets = lib.mkIf cfg.isNormalUser {
      "passwords/leyla" = {
        neededForUsers = true;
        # sopsFile = ../secrets.yaml;
      };
    };
-  # Define user accounts
+    users.groups.leyla = {};
-  users.users.leyla = {
+
-    isNormalUser = true;
+    users.users.leyla = lib.mkMerge [
      {
        uid = 1000;
        description = "Leyla";
        group = "leyla";
      }
      (
        if cfg.isNormalUser then {
          isNormalUser = true;
          extraGroups = [ "networkmanager" "wheel" ];
          hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
@ -65,5 +82,10 @@
            # DS Emulator
            desmume
          ];
        } else {
          isSystemUser = true;
        }
      )
    ];
  };
 }
--- a/users/remote/default.nix
+++ b/users/remote/default.nix
@ -0,0 +1,30 @@
 {  lib, config, ... }:
 let
  cfg = config.users.remote;
 in
 {
  options.users.remote = {
    isNormalUser = lib.mkEnableOption "remote";
  };
  config.users = {
    groups.remote = {};
    users.remote = lib.mkMerge [
      {
        uid = 2000;
        group = "remote";
      }
      (
        if cfg.isNormalUser then {
          # extraGroups = [ "wheel" ];
          isNormalUser = true;
          openssh.authorizedKeys.keys = [];
        } else {
          isSystemUser = true;
        }
      )
    ];
  };
 }