added users that can be disabled

hosts/horizon/configuration.nix

@@ -1,6 +1,5 @@
 # leyla laptop
 { config, pkgs, inputs, ... }:
-
 {
   imports =
     [
@@ -17,6 +16,10 @@
 
   sops.age.keyFile = "/home/leyla/.config/sops/age/keys.txt";
 
+  users.leyla.isNormalUser = true;
+  users.ester.isNormalUser = true;
+  users.eve.isNormalUser = true;
+
   # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;

users/default.nix

@@ -1,6 +1,6 @@
-{...}:
+{ ... }:
 {
-  imports = [ ./leyla ./ester ./eve ];
+  imports = [ ./leyla ./ester ./eve ./remote ];
 
   users.mutableUsers = false;
 }

users/ester/default.nix

@@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.ester;
+in
 {
-  sops.secrets."passwords/ester" = {
+  options.users.ester = {
+    isNormalUser = lib.mkEnableOption "ester";
+  };
+
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/ester" = {
         neededForUsers = true;
         # sopsFile = ../secrets.yaml;
       };
+    };
 
-  # Define user accounts
+    users.groups.ester = {};
-  users.users.ester = {
+
-    isNormalUser = true;
+    users.users.ester = lib.mkMerge [
+      {
         uid = 1001;
         description = "Ester";
+        group = "ester";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
           extraGroups = [ "networkmanager" ];
 
           hashedPasswordFile = config.sops.secrets."passwords/ester".path;
@@ -19,5 +36,10 @@
             bitwarden
             discord
           ];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
   };
 }

users/eve/default.nix

@@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.eve;
+in
 {
-  sops.secrets."passwords/eve" = {
+  options.users.eve = {
+    isNormalUser = lib.mkEnableOption "eve";
+  };
+
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/eve" = {
         neededForUsers = true;
         # sopsFile = ../secrets.yaml;
       };
+    };
 
-  # Define user accounts
+    users.groups.eve = {};
-  users.users.eve = {
+
-    isNormalUser = true;
+    users.users.eve = lib.mkMerge [
+      {
         uid = 1002;
         description = "Eve";
+        group = "eve";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
           extraGroups = [ "networkmanager" ];
 
           hashedPasswordFile = config.sops.secrets."passwords/eve".path;
@@ -21,5 +38,10 @@
             makemkv
             signal-desktop
           ];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
   };
 }

users/leyla/default.nix

@@ -1,15 +1,32 @@
 { lib, config, pkgs, ... }:
+let
+  cfg = config.users.leyla;
+in
 {
-  sops.secrets."passwords/leyla" = {
+  options.users.leyla = {
+    isNormalUser = lib.mkEnableOption "leyla";
+  };
+
+  config = {
+    sops.secrets = lib.mkIf cfg.isNormalUser {
+      "passwords/leyla" = {
         neededForUsers = true;
         # sopsFile = ../secrets.yaml;
       };
+    };
 
-  # Define user accounts
+    users.groups.leyla = {};
-  users.users.leyla = {
+
-    isNormalUser = true;
+    users.users.leyla = lib.mkMerge [
+      {
         uid = 1000;
         description = "Leyla";
+        group = "leyla";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          isNormalUser = true;
           extraGroups = [ "networkmanager" "wheel" ];
 
           hashedPasswordFile = config.sops.secrets."passwords/leyla".path;
@@ -37,9 +54,9 @@
             easytag
             cura
             kicad-small
-#        jdk
+      #        jdk
-#        android-tools
+      #        android-tools
-#        android-studio
+      #        android-studio
             androidStudioPackages.canary
             jetbrains.idea-community
             ungoogled-chromium
@@ -65,5 +82,10 @@
             # DS Emulator
             desmume
           ];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
   };
 }

users/remote/default.nix

@@ -0,0 +1,30 @@
+{  lib, config, ... }:
+let
+  cfg = config.users.remote;
+in
+{
+  options.users.remote = {
+    isNormalUser = lib.mkEnableOption "remote";
+  };
+
+  config.users = {
+    groups.remote = {};
+
+    users.remote = lib.mkMerge [
+      {
+        uid = 2000;
+        group = "remote";
+      }
+
+      (
+        if cfg.isNormalUser then {
+          # extraGroups = [ "wheel" ];
+          isNormalUser = true;
+          openssh.authorizedKeys.keys = [];
+        } else {
+          isSystemUser = true;
+        }
+      )
+    ];
+  };
+}