82 lines
2.0 KiB
Nix
82 lines
2.0 KiB
Nix
{ config
|
|
, lib
|
|
, pkgs
|
|
, ...
|
|
}:
|
|
with lib; let
|
|
userBase = {
|
|
shell = pkgs.zsh;
|
|
openssh.authorizedKeys.keys =
|
|
config.myconf.hwPubKeys
|
|
++ config.myconf.managementPubKeys;
|
|
};
|
|
in
|
|
{
|
|
options = {
|
|
defaultUsers = {
|
|
enable = mkOption {
|
|
description = "Enable regular set of users";
|
|
default = if (builtins.hasAttr "${config.networking.hostName}" config.xin-secrets) then true else false;
|
|
example = true;
|
|
type = lib.types.bool;
|
|
};
|
|
};
|
|
};
|
|
|
|
config =
|
|
let
|
|
inherit (config.networking) hostName;
|
|
hasQbit =
|
|
if (builtins.hasAttr hostName config.xin-secrets) &&
|
|
(builtins.hasAttr "qbit" config.xin-secrets.${hostName}.user_passwords) then true else false;
|
|
in
|
|
mkIf config.defaultUsers.enable {
|
|
sops =
|
|
let
|
|
secretAttrs = config.xin-secrets.${hostName}.user_passwords;
|
|
in
|
|
{
|
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
|
secrets = mkMerge [
|
|
{
|
|
root_hash =
|
|
{
|
|
name = "hash";
|
|
sopsFile = secretAttrs.root;
|
|
owner = "root";
|
|
mode = "400";
|
|
neededForUsers = true;
|
|
};
|
|
}
|
|
(mkIf hasQbit {
|
|
qbit_hash = {
|
|
sopsFile = secretAttrs.qbit;
|
|
owner = "root";
|
|
mode = "400";
|
|
neededForUsers = true;
|
|
};
|
|
})
|
|
];
|
|
};
|
|
users = {
|
|
mutableUsers = false;
|
|
users = mkMerge [
|
|
{
|
|
root = userBase // {
|
|
hashedPasswordFile = config.sops.secrets.root_hash.path;
|
|
};
|
|
}
|
|
(mkIf hasQbit {
|
|
qbit = userBase // {
|
|
isNormalUser = true;
|
|
description = "Aaron Bieber";
|
|
home = "/home/qbit";
|
|
extraGroups = [ "wheel" ];
|
|
hashedPasswordFile = config.sops.secrets.qbit_hash.path;
|
|
};
|
|
})
|
|
];
|
|
};
|
|
};
|
|
}
|