Compare commits
2 Commits
9c1331075a
...
a798185a17
Author | SHA1 | Date |
---|---|---|
Nathan McCarty | a798185a17 | |
Nathan McCarty | c24e1ca432 |
|
@ -41,6 +41,7 @@
|
|||
};
|
||||
config = {
|
||||
setupGrub = false;
|
||||
userUid = "1001";
|
||||
nix = {
|
||||
autoUpdate = true;
|
||||
autoGC = true;
|
||||
|
|
|
@ -138,6 +138,12 @@ in {
|
|||
description = "Whether to install the 'nathan' user";
|
||||
type = lib.types.bool;
|
||||
};
|
||||
homeTmpfs = mkEnableOptionT "~/.tmp as tmpfs";
|
||||
userUid = mkOption {
|
||||
default = "1000";
|
||||
example = "1000";
|
||||
description = "UID of the user";
|
||||
};
|
||||
# Should we harden this system?
|
||||
# On by default
|
||||
harden = mkEnableOptionT "Apply system hardening";
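Review bot: The new `userUid` option is declared without a `type`, and its value is interpolated directly into a tmpfs mount option string elsewhere in this change, so a typo or non-numeric value is only caught when the mount fails at boot. Constraining it at evaluation time, for example with `type = lib.types.strMatching "[0-9]+";`, would reject bad values early. The `description` should also say that the value must match the uid actually assigned to the user, since a mismatch leaves the mode-700 directory owned by a different uid. The enclosing option set starts and ends outside the hunk.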
|
||||
|
|
|
@ -19,8 +19,7 @@ in with lib; {
|
|||
};
|
||||
environment.shells = [ pkgs.fish ];
|
||||
users = {
|
||||
# If we install the user and the system is hardended, then disable mutable users
|
||||
mutableUsers = !(nc.installUser && nc.harden);
|
||||
mutableUsers = !nc.installUser;
|
||||
# Configure our user, if enabled
|
||||
users."${nc.user}" = mkMerge [
|
||||
(mkIf nc.installUser {
|
||||
|
@ -65,5 +64,11 @@ in with lib; {
|
|||
(mkIf config.nathan.hardware.amdPassthrough {
|
||||
users.users."${nc.user}".extraGroups = [ "libvirtd" ];
|
||||
})
|
||||
(mkIf (nc.homeTmpfs && nc.installUser) {
|
||||
fileSystems."/home/${nc.user}/.tmp" = {
|
||||
fsType = "tmpfs";
|
||||
options = [ "mode=700" "uid=${nc.userUid}" "gid=100" ];
|
||||
};
|
||||
})
|
||||
];
|
||||
}
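Review bot: The tmpfs added for `/home/${nc.user}/.tmp` is mounted with only `mode`, `uid` and `gid`, so it gets the kernel defaults: no `nosuid`/`nodev`, and a size cap of half of RAM, which lets a single user process exhaust memory through this directory. I would write `options = [ "mode=700" "uid=${nc.userUid}" "gid=100" "nosuid" "nodev" "size=<limit>" ];` with a limit chosen per host. The owner comes from the free-standing `nc.userUid` string and the group is hard-coded to 100. Nothing visible in this hunk ties either to the account's real uid/gid, so deriving them from the user definition, or asserting that they agree, would avoid a private directory owned by the wrong id. The `mkMerge` list starts outside the hunk.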
|
||||
|
|