System/modules/linux/user.nix

53 lines
2.0 KiB
Nix
Raw Normal View History

2022-06-23 02:57:41 -04:00
{ config, lib, pkgs, ... }:
let
nc = config.nathan.config;
in
with lib; {
config = {
users = {
# If we install the user and the system is hardended, then disable mutable users
mutableUsers = !(nc.installUser && nc.harden);
# Configure our user, if enabled
2022-07-02 02:44:43 -04:00
users."${nc.user}" = mkMerge [
(mkIf nc.installUser
{
# Darwin is special
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
description = "Nathan McCarty";
shell = pkgs.fish;
# Linux specific configuration next
})
(mkIf (nc.installUser && pkgs.stdenv.isLinux) {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = [
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# Macbook pro key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
# Phone key
2022-09-20 14:40:38 -04:00
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost"
2022-07-02 02:44:43 -04:00
# Tablet key
2022-09-04 04:14:36 -04:00
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost"
2022-07-02 02:44:43 -04:00
];
})
];
2022-06-23 02:57:41 -04:00
};
# If we install the user, enable sudo
security.sudo.enable = mkDefault nc.installUser;
2022-09-04 04:25:59 -04:00
# If we isntall the user, make them trusted
nix.settings.trusted-users =
if nc.installUser then [
"nathan"
] else [ ];
2022-06-23 02:57:41 -04:00
# If we setup the user, install the shell as well
environment.systemPackages =
if nc.installUser then [
pkgs.fish
] else [ ];
# Configure the timezone
time.timeZone = "America/New_York";
};
}