# Declares the primary user account (login shell, groups, password hash, SSH
# keys) together with the sudo, Nix trust, package and timezone settings that
# depend on it. Everything is driven by the `config.nathan.config` options.
{ config, lib, pkgs, ... }:
let
  inherit (lib) mkDefault mkIf mkMerge optional;

  nc = config.nathan.config;

  # Darwin keeps home directories under /Users; everything else uses /home.
  homeRoot = if pkgs.stdenv.isDarwin then "/Users" else "/home";
in
{
  config = mkMerge [
    {
      # Users stay mutable unless the user is installed AND the system is
      # hardened. With mutableUsers = false the accounts and passwords are
      # defined entirely by this configuration.
      users.mutableUsers = !nc.installUser || !nc.harden;

      # Configure our user, if enabled
      users.users.${nc.user} = mkMerge [
        # Settings shared by every platform
        (mkIf nc.installUser {
          home = "${homeRoot}/${nc.user}";
          description = "Nathan McCarty";
          shell = pkgs.fish;
        })

        # Linux-specific settings
        (mkIf (nc.installUser && pkgs.stdenv.isLinux) {
          isNormalUser = true;

          # NOTE(review): "wheel" grants sudo and "docker" is effectively
          # root-equivalent on the host; keep this list to what the account
          # really needs on each machine.
          extraGroups = [
            "wheel"
            "networkmanager"
            "audio"
            "docker"
            "libvirtd"
            "uinput"
            "adbusers"
            "plugdev"
          ];

          # NOTE(review): this hash is readable by anyone who can read this
          # file or the resulting world-readable Nix store, which allows
          # offline guessing. Consider `hashedPasswordFile` pointing at a
          # secret kept outside the store.
          hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";

          # Every key below can log in as this user (a sudo-capable account);
          # remove entries for devices that are retired or lost.
          openssh.authorizedKeys.keys = [
            # yubikey ssh key
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
            # WSL key
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io"
            # Phone key
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost"
            # Tablet key
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost"
            # Macbook key
            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local"
          ];
        })
      ];

      # If we install the user, enable sudo (mkDefault lets a host override it)
      security.sudo.enable = mkDefault nc.installUser;

      # If we install the user, make them a trusted Nix user.
      # NOTE(review): a trusted user is essentially root-equivalent as far as
      # the Nix daemon is concerned; confirm this is wanted on hardened hosts.
      nix.settings.trusted-users = optional nc.installUser nc.user;

      # If we set up the user, install their login shell as well
      environment.systemPackages = optional nc.installUser pkgs.fish;

      # Configure the timezone
      time.timeZone = "America/New_York";
    }

    # Hosts doing AMD passthrough put the user in libvirtd.
    # NOTE(review): this is not gated on nc.installUser, so it defines the
    # user's extraGroups even when the account is otherwise not configured
    # here; confirm that is intended.
    (mkIf config.nathan.hardware.amdPassthrough {
      users.users.${nc.user}.extraGroups = [ "libvirtd" ];
    })
  ];
}