xin/users/default.nix

{ config
, lib
, pkgs
, ...
}:
with lib; let
  userBase = {
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys =
      config.myconf.hwPubKeys
      ++ config.myconf.managementPubKeys;
  };
in
{
  options = {
    defaultUsers = {
      enable = mkOption {
        description = "Enable regular set of users";
        default = if (builtins.hasAttr "${config.networking.hostName}" config.xin-secrets) then true else false;
        example = true;
        type = lib.types.bool;
      };
    };
  };

  config =
    let
      inherit (config.networking) hostName;
      hasQbit =
        if (builtins.hasAttr hostName config.xin-secrets) &&
          (builtins.hasAttr "qbit" config.xin-secrets.${hostName}.user_passwords) then true else false;
    in
    mkIf config.defaultUsers.enable {
      sops =
        let
          secretAttrs = config.xin-secrets.${hostName}.user_passwords;
        in
        {
          age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
          secrets = mkMerge [
            {
              root_hash =
                {
                  name = "hash";
                  sopsFile = secretAttrs.root;
                  owner = "root";
                  mode = "400";
                  neededForUsers = true;
                };
            }
            (mkIf hasQbit {
              qbit_hash = {
                sopsFile = secretAttrs.qbit;
                owner = "root";
                mode = "400";
                neededForUsers = true;
              };
            })
          ];
        };
      users = {
        mutableUsers = false;
        users = mkMerge [
          {
            root = userBase // {
              hashedPasswordFile = config.sops.secrets.root_hash.path;
            };
          }
          (mkIf hasQbit {
            qbit = userBase // {
              isNormalUser = true;
              description = "Aaron Bieber";
              home = "/home/qbit";
              extraGroups = [ "wheel" ];
              hashedPasswordFile = config.sops.secrets.qbit_hash.path;
            };
          })
        ];
      };
    };
}
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`{ config`
			`, lib`
			`, pkgs`
			`, ...`
all: format with alejandra 2023-07-11 09:12:50 -06:00			`}:`
			`with lib; let`
hello world! 2022-08-25 12:21:35 -06:00			`userBase = {`
			`shell = pkgs.zsh;`
all: format with alejandra 2023-07-11 09:12:50 -06:00			`openssh.authorizedKeys.keys =`
			`config.myconf.hwPubKeys`
all: add ssh key with access to run xin-status 2022-11-07 07:22:51 -07:00			`++ config.myconf.managementPubKeys;`
hello world! 2022-08-25 12:21:35 -06:00			`};`
all: switch to nixpkgs-fmt 2023-09-12 08:44:05 -06:00			`in`
			`{`
hello world! 2022-08-25 12:21:35 -06:00			`options = {`
			`defaultUsers = {`
			`enable = mkOption {`
			`description = "Enable regular set of users";`
hosts/tv: init with basic kodi config 2024-05-27 21:12:29 -06:00			`default = if (builtins.hasAttr "${config.networking.hostName}" config.xin-secrets) then true else false;`
hello world! 2022-08-25 12:21:35 -06:00			`example = true;`
			`type = lib.types.bool;`
			`};`
			`};`
			`};`

all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`config =`
			`let`
users: clean up sopsFile stuff a bit 2024-03-22 08:21:55 -06:00			`inherit (config.networking) hostName;`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`hasQbit =`
hosts/tv: init with basic kodi config 2024-05-27 21:12:29 -06:00			`if (builtins.hasAttr hostName config.xin-secrets) &&`
			`(builtins.hasAttr "qbit" config.xin-secrets.${hostName}.user_passwords) then true else false;`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`in`
			`mkIf config.defaultUsers.enable {`
			`sops =`
hosts/tv: init with basic kodi config 2024-05-27 21:12:29 -06:00			`let`
			`secretAttrs = config.xin-secrets.${hostName}.user_passwords;`
			`in`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`{`
			`age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];`
			`secrets = mkMerge [`
users: fmt, stan: add root and fix default user name 2024-03-22 07:47:22 -06:00			`{`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`root_hash =`
			`{`
users: fmt, stan: add root and fix default user name 2024-03-22 07:47:22 -06:00			`name = "hash";`
users: clean up sopsFile stuff a bit 2024-03-22 08:21:55 -06:00			`sopsFile = secretAttrs.root;`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`owner = "root";`
			`mode = "400";`
			`neededForUsers = true;`
			`};`
users: fmt, stan: add root and fix default user name 2024-03-22 07:47:22 -06:00			`}`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`(mkIf hasQbit {`
			`qbit_hash = {`
users: clean up sopsFile stuff a bit 2024-03-22 08:21:55 -06:00			`sopsFile = secretAttrs.qbit;`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`owner = "root";`
			`mode = "400";`
			`neededForUsers = true;`
			`};`
			`})`
			`];`
all: initial bits for moving users passwords to the pw store 2024-03-12 11:18:29 -06:00			`};`
			`users = {`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`mutableUsers = false;`
			`users = mkMerge [`
users: fmt, stan: add root and fix default user name 2024-03-22 07:47:22 -06:00			`{`
			`root = userBase // {`
			`hashedPasswordFile = config.sops.secrets.root_hash.path;`
			`};`
			`}`
all: switch to using dynamic entries in xin-secrets 2024-03-21 22:08:30 -06:00			`(mkIf hasQbit {`
			`qbit = userBase // {`
			`isNormalUser = true;`
			`description = "Aaron Bieber";`
			`home = "/home/qbit";`
			`extraGroups = [ "wheel" ];`
			`hashedPasswordFile = config.sops.secrets.qbit_hash.path;`
			`};`
			`})`
			`];`
all: initial bits for moving users passwords to the pw store 2024-03-12 11:18:29 -06:00			`};`
			`};`
hello world! 2022-08-25 12:21:35 -06:00			`}`