added users that can be disabled

2024-03-10 17:26:25 -05:00 · 2024-03-10 17:26:25 -05:00 · 3b76e4a8a8
parent b60bacf752
commit 3b76e4a8a8
6 changed files with 193 additions and 94 deletions
--- a/hosts/horizon/configuration.nix
+++ b/hosts/horizon/configuration.nix
@ -1,6 +1,5 @@
 # leyla laptop
 { config, pkgs, inputs, ... }:
-
 {
  imports =
    [
@ -17,6 +16,10 @@

  sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";

+  users.leyla.isNormalUser = true;
+  users.ester.isNormalUser = true;
+  users.eve.isNormalUser = true;
+
  # Bootloader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
--- a/users/default.nix
+++ b/users/default.nix
@ -1,6 +1,6 @@
 { ... }:
 {
-  imports = [ ./leyla ./ester ./eve ];
+  imports = [ ./leyla ./ester ./eve ./remote ];

  users.mutableUsers = false;
 }
--- a/users/ester/default.nix
+++ b/users/ester/default.nix
@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.ester;
+in
 {
-  sops.secrets."passwords/ester" = {
+  options.users.ester = {
+    isNormalUser = lib.mkEnableOption "ester";
+  };
+
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/ester" = {
        neededForUsers = true;
        # sopsFile = ../secrets.yaml;
      };
+    };

-  # Define user accounts
-  users.users.ester = {
-    isNormalUser = true;
+    users.groups.ester = {};
+
+    users.users.ester = lib.mkMerge [
+      {
        uid = 1001;
        description = "Ester";
+        group = "ester";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
          extraGroups = [ "networkmanager" ];

          hashedPasswordFile = config.sops.secrets."passwords/ester".path;
@ -19,5 +36,10 @@
            bitwarden
            discord
          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
  };
 }
--- a/users/eve/default.nix
+++ b/users/eve/default.nix
@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.eve;
+in
 {
-  sops.secrets."passwords/eve" = {
+  options.users.eve = {
+    isNormalUser = lib.mkEnableOption "eve";
+  };
+
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/eve" = {
        neededForUsers = true;
        # sopsFile = ../secrets.yaml;
      };
+    };

-  # Define user accounts
-  users.users.eve = {
-    isNormalUser = true;
+    users.groups.eve = {};
+
+    users.users.eve = lib.mkMerge [
+      {
        uid = 1002;
        description = "Eve";
+        group = "eve";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
          extraGroups = [ "networkmanager" ];

          hashedPasswordFile = config.sops.secrets."passwords/eve".path;
@ -21,5 +38,10 @@
            makemkv
            signal-desktop
          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
  };
 }
--- a/users/leyla/default.nix
+++ b/users/leyla/default.nix
@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.leyla;
+in
 {
-  sops.secrets."passwords/leyla" = {
+  options.users.leyla = {
+    isNormalUser = lib.mkEnableOption "leyla";
+  };
+
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/leyla" = {
        neededForUsers = true;
        # sopsFile = ../secrets.yaml;
      };
+    };

-  # Define user accounts
-  users.users.leyla = {
-    isNormalUser = true;
+    users.groups.leyla = {};
+
+    users.users.leyla = lib.mkMerge [
+      {
        uid = 1000;
        description = "Leyla";
+        group = "leyla";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
          extraGroups = [ "networkmanager" "wheel" ];

          hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
@ -65,5 +82,10 @@
            # DS Emulator
            desmume
          ];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
  };
 }
--- a/users/remote/default.nix
+++ b/users/remote/default.nix
@ -0,0 +1,30 @@
+{  lib, config, ... }:
+let
+  cfg = config.users.remote;
+in
+{
+  options.users.remote = {
+    isNormalUser = lib.mkEnableOption "remote";
+  };
+
+  config.users = {
+    groups.remote = {};
+
+    users.remote = lib.mkMerge [
+      {
+        uid = 2000;
+        group = "remote";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          # extraGroups = [ "wheel" ];
+          isNormalUser = true;
+          openssh.authorizedKeys.keys = [];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
+  };
+}