Automount user tmpfs

This commit is contained in:
Nathan McCarty 2023-05-07 02:16:31 -04:00
parent 9c1331075a
commit c24e1ca432
Signed by: thatonelutenist
SSH Key Fingerprint: SHA256:hwQEcmak9E6sdU9bXc98RHw/Xd1AhpB5HZT7ZSVJkRM
3 changed files with 14 additions and 2 deletions

View File

@ -41,6 +41,7 @@
}; };
config = { config = {
setupGrub = false; setupGrub = false;
userUid = "1001";
nix = { nix = {
autoUpdate = true; autoUpdate = true;
autoGC = true; autoGC = true;

View File

@ -138,6 +138,12 @@ in {
description = "Whether to install the 'nathan' user"; description = "Whether to install the 'nathan' user";
type = lib.types.bool; type = lib.types.bool;
}; };
homeTmpfs = mkEnableOptionT "~/.tmp as tmpfs";
userUid = mkOption {
default = "1000";
example = "1000";
description = "UID of the user";
};
# Should we harden this system? # Should we harden this system?
# On by default # On by default
harden = mkEnableOptionT "Apply system hardening"; harden = mkEnableOptionT "Apply system hardening";

View File

@ -19,8 +19,7 @@ in with lib; {
}; };
environment.shells = [ pkgs.fish ]; environment.shells = [ pkgs.fish ];
users = { users = {
# If we install the user and the system is hardended, then disable mutable users mutableUsers = !nc.installUser;
mutableUsers = !(nc.installUser && nc.harden);
# Configure our user, if enabled # Configure our user, if enabled
users."${nc.user}" = mkMerge [ users."${nc.user}" = mkMerge [
(mkIf nc.installUser { (mkIf nc.installUser {
@ -65,5 +64,11 @@ in with lib; {
(mkIf config.nathan.hardware.amdPassthrough { (mkIf config.nathan.hardware.amdPassthrough {
users.users."${nc.user}".extraGroups = [ "libvirtd" ]; users.users."${nc.user}".extraGroups = [ "libvirtd" ];
}) })
(mkIf (nc.homeTmpfs && nc.installUser) {
fileSystems."/home/${nc.user}/.tmp" = {
fsType = "tmpfs";
options = [ "mode=700" "uid=${nc.userUid}" "gid=100" ];
};
})
]; ];
} }