Compare commits
No commits in common. "a798185a176e60868e140700a72fe1740ad43cfd" and "9c1331075a738ab013fe474c1417800be06be3b1" have entirely different histories.
a798185a17
...
9c1331075a
|
@ -41,7 +41,6 @@
|
||||||
};
|
};
|
||||||
config = {
|
config = {
|
||||||
setupGrub = false;
|
setupGrub = false;
|
||||||
userUid = "1001";
|
|
||||||
nix = {
|
nix = {
|
||||||
autoUpdate = true;
|
autoUpdate = true;
|
||||||
autoGC = true;
|
autoGC = true;
|
||||||
|
|
|
@ -138,12 +138,6 @@ in {
|
||||||
description = "Whether to install the 'nathan' user";
|
description = "Whether to install the 'nathan' user";
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
};
|
};
|
||||||
homeTmpfs = mkEnableOptionT "~/.tmp as tmpfs";
|
|
||||||
userUid = mkOption {
|
|
||||||
default = "1000";
|
|
||||||
example = "1000";
|
|
||||||
description = "UID of the user";
|
|
||||||
};
|
|
||||||
# Should we harden this system?
|
# Should we harden this system?
|
||||||
# On by default
|
# On by default
|
||||||
harden = mkEnableOptionT "Apply system hardening";
|
harden = mkEnableOptionT "Apply system hardening";
|
||||||
|
|
|
@ -19,7 +19,8 @@ in with lib; {
|
||||||
};
|
};
|
||||||
environment.shells = [ pkgs.fish ];
|
environment.shells = [ pkgs.fish ];
|
||||||
users = {
|
users = {
|
||||||
mutableUsers = !nc.installUser;
|
# If we install the user and the system is hardended, then disable mutable users
|
||||||
|
mutableUsers = !(nc.installUser && nc.harden);
|
||||||
# Configure our user, if enabled
|
# Configure our user, if enabled
|
||||||
users."${nc.user}" = mkMerge [
|
users."${nc.user}" = mkMerge [
|
||||||
(mkIf nc.installUser {
|
(mkIf nc.installUser {
|
||||||
|
@ -64,11 +65,5 @@ in with lib; {
|
||||||
(mkIf config.nathan.hardware.amdPassthrough {
|
(mkIf config.nathan.hardware.amdPassthrough {
|
||||||
users.users."${nc.user}".extraGroups = [ "libvirtd" ];
|
users.users."${nc.user}".extraGroups = [ "libvirtd" ];
|
||||||
})
|
})
|
||||||
(mkIf (nc.homeTmpfs && nc.installUser) {
|
|
||||||
fileSystems."/home/${nc.user}/.tmp" = {
|
|
||||||
fsType = "tmpfs";
|
|
||||||
options = [ "mode=700" "uid=${nc.userUid}" "gid=100" ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
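Review bot: The new `mutableUsers = !(nc.installUser && nc.harden);` in the `-19,7 +19,8` hunk leaves `users.mutableUsers` enabled on any host that installs the user but sets `harden` to false, where the old `!nc.installUser` disabled it on every such host. With mutable users, NixOS merges the existing /etc/passwd and /etc/group into the generated ones and does not change existing passwords on activation, so account state on those hosts can drift from what the configuration declares. If that is intended, the comment should say why rather than restate the expression, e.g. `# Lock accounts to the declared set only on hardened hosts; unhardened hosts keep imperative passwd/useradd changes`, which would also fix the `hardended` typo. The `users` block continues outside the hunk, so whether a password or key is declared for `nc.user` cannot be checked from here.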