From 3b76e4a8a87beeaa82dc322561d6a79ae28d348d Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Sun, 10 Mar 2024 17:26:25 -0500 Subject: [PATCH] added users that can be disabled --- hosts/horizon/configuration.nix | 5 +- users/default.nix | 4 +- users/ester/default.nix | 50 +++++++---- users/eve/default.nix | 54 ++++++++---- users/leyla/default.nix | 144 ++++++++++++++++++-------------- users/remote/default.nix | 30 +++++++ 6 files changed, 193 insertions(+), 94 deletions(-) create mode 100644 users/remote/default.nix diff --git a/hosts/horizon/configuration.nix b/hosts/horizon/configuration.nix index 14520a0..c26438a 100644 --- a/hosts/horizon/configuration.nix +++ b/hosts/horizon/configuration.nix @@ -1,6 +1,5 @@ # leyla laptop { config, pkgs, inputs, ... }: - { imports = [ @@ -17,6 +16,10 @@ sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt"; + users.leyla.isNormalUser = true; + users.ester.isNormalUser = true; + users.eve.isNormalUser = true; + # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/users/default.nix b/users/default.nix index 8471c05..077fda5 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,6 +1,6 @@ -{...}: +{ ... }: { - imports = [ ./leyla ./ester ./eve ]; + imports = [ ./leyla ./ester ./eve ./remote ]; users.mutableUsers = false; } \ No newline at end of file diff --git a/users/ester/default.nix b/users/ester/default.nix index 3108fca..0f7f3be 100644 --- a/users/ester/default.nix +++ b/users/ester/default.nix 
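Review bot: Adding `./remote` to `imports` in users/default.nix is unconditional, so every host that imports this directory now declares a `remote` account (uid 2000) whether or not it sets `users.remote.isNormalUser`; the same holds for leyla, ester and eve, whose toggles default to false through `lib.mkEnableOption`. Nothing at the import site says that an unset toggle still creates the account as a system user, and with `users.mutableUsers = false` in the same file the declared definition is the only one a host gets. I would add a comment above the import list, for example `# each module adds users.<name>.isNormalUser (default false); when false the account is still created, as a system user`. In hosts/horizon/configuration.nix `users.remote` is left unset, so a one-line comment next to the three toggles would make that choice explicit.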
@@ -1,23 +1,45 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.ester; +in { - sops.secrets."passwords/ester" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.ester = { + isNormalUser = lib.mkEnableOption "ester"; }; - # Define user accounts - users.users.ester = { - isNormalUser = true; - uid = 1001; - description = "Ester"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/ester" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/ester".path; + users.groups.ester = {}; - packages = with pkgs; [ - firefox - bitwarden - discord + users.users.ester = lib.mkMerge [ + { + uid = 1001; + description = "Ester"; + group = "ester"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/ester".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/eve/default.nix b/users/eve/default.nix index c6ae188..d5b6f29 100644 --- a/users/eve/default.nix +++ b/users/eve/default.nix 
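Review bot: The `else { isSystemUser = true; }` branch of `users.users.ester` is the entire definition of a disabled account, so whether it can still log in is left to NixOS defaults (no password option, shell or home is stated) instead of being written down; the identical branches in users/eve/default.nix and users/leyla/default.nix have the same gap. If a disabled user is meant to have no login path, say so in the branch with a comment such as `# disabled: no password or keys are defined for this account, keep it that way`, or make it explicit with `hashedPassword = "!";`. Two smaller points: `lib.mkEnableOption "ester"` produces a description about enabling "ester", which does not explain a normal-versus-system switch, and the plain `if … then … else` inside `lib.mkMerge` would read more conventionally as `(lib.mkIf cfg.isNormalUser { … })` next to `(lib.mkIf (!cfg.isNormalUser) { isSystemUser = true; })`.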
@@ -1,25 +1,47 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.eve; +in { - sops.secrets."passwords/eve" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.eve = { + isNormalUser = lib.mkEnableOption "eve"; }; - # Define user accounts - users.users.eve = { - isNormalUser = true; - uid = 1002; - description = "Eve"; - extraGroups = [ "networkmanager" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/eve" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/eve".path; + users.groups.eve = {}; - packages = with pkgs; [ - firefox - bitwarden - discord - makemkv - signal-desktop + users.users.eve = lib.mkMerge [ + { + uid = 1002; + description = "Eve"; + group = "eve"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" ]; + + hashedPasswordFile = config.sops.secrets."passwords/eve".path; + + packages = with pkgs; [ + firefox + bitwarden + discord + makemkv + signal-desktop + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/leyla/default.nix b/users/leyla/default.nix index d902f51..7192d10 100644 --- a/users/leyla/default.nix +++ b/users/leyla/default.nix 
@@ -1,69 +1,91 @@ { lib, config, pkgs, ... }: +let + cfg = config.users.leyla; +in { - sops.secrets."passwords/leyla" = { - neededForUsers = true; - # sopsFile = ../secrets.yaml; + options.users.leyla = { + isNormalUser = lib.mkEnableOption "leyla"; }; - # Define user accounts - users.users.leyla = { - isNormalUser = true; - uid = 1000; - description = "Leyla"; - extraGroups = [ "networkmanager" "wheel" ]; + config = { + sops.secrets = lib.mkIf cfg.isNormalUser { + "passwords/leyla" = { + neededForUsers = true; + # sopsFile = ../secrets.yaml; + }; + }; - hashedPasswordFile = config.sops.secrets."passwords/leyla".path; - - packages = with pkgs; [ - iputils - dnsutils - git - firefox - signal-desktop - obsidian - bitwarden - vscodium - nextcloud-client - inkscape - steam - discord - rhythmbox - makemkv - protonvpn-gui - transmission-gtk - freecad - mupen64plus - dbeaver - easytag - cura - kicad-small -# jdk -# android-tools -# android-studio - androidStudioPackages.canary - jetbrains.idea-community - ungoogled-chromium - nodejs - exiftool - libreoffice - # N64 Emulator - mupen64plus - # GameCube Emulator and Wii Emulator - dolphin-emu - # Switch Emulator - yuzu-mainline - # Atari 2600 Emulator - stella - # mame Emulator - mame - # Game Boy Advanced Emulator - vbam - # NES Emulator - fceux - # SNES Emulator - zsnes - # DS Emulator - desmume + users.groups.leyla = {}; + + users.users.leyla = lib.mkMerge [ + { + uid = 1000; + description = "Leyla"; + group = "leyla"; + } + + ( + if cfg.isNormalUser then { + isNormalUser = true; + extraGroups = [ "networkmanager" "wheel" ]; + + hashedPasswordFile = config.sops.secrets."passwords/leyla".path; + + packages = with pkgs; [ + iputils + dnsutils + git + firefox + signal-desktop + obsidian + bitwarden + vscodium + nextcloud-client + inkscape + steam + discord + rhythmbox + makemkv + protonvpn-gui + transmission-gtk + freecad + mupen64plus + dbeaver + easytag + cura + kicad-small + # jdk + # android-tools + # android-studio + 
androidStudioPackages.canary + jetbrains.idea-community + ungoogled-chromium + nodejs + exiftool + libreoffice + # N64 Emulator + mupen64plus + # GameCube Emulator and Wii Emulator + dolphin-emu + # Switch Emulator + yuzu-mainline + # Atari 2600 Emulator + stella + # mame Emulator + mame + # Game Boy Advanced Emulator + vbam + # NES Emulator + fceux + # SNES Emulator + zsnes + # DS Emulator + desmume + ]; + } else { + isSystemUser = true; + } + ) ]; }; } \ No newline at end of file diff --git a/users/remote/default.nix b/users/remote/default.nix new file mode 100644 index 0000000..491bc51 --- /dev/null +++ b/users/remote/default.nix @@ -0,0 +1,30 @@ +{ lib, config, ... }: +let + cfg = config.users.remote; +in +{ + options.users.remote = { + isNormalUser = lib.mkEnableOption "remote"; + }; + + config.users = { + groups.remote = {}; + + users.remote = lib.mkMerge [ + { + uid = 2000; + group = "remote"; + } + + ( + if cfg.isNormalUser then { + # extraGroups = [ "wheel" ]; + isNormalUser = true; + openssh.authorizedKeys.keys = []; + } else { + isSystemUser = true; + } + ) + ]; + }; +} \ No newline at end of file
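Review bot: In users/remote/default.nix the enabled branch sets `openssh.authorizedKeys.keys = [];` and no password option, so a host that turns `users.remote.isNormalUser` on gets a normal account with no visible way to authenticate until keys are defined somewhere else. A comment should say where the keys are expected to come from, for example `# keys are supplied per host; an empty list keeps the account unusable`. The commented-out `# extraGroups = [ "wheel" ];` deserves a note too: a key-only account in wheel has no password to give sudo, so enabling it calls for a deliberate sudo policy decision and not just uncommenting the line.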