System/modules/linux/user.nix


# User-account module: declares the primary user, its groups and credentials,
# and the host-wide settings (polkit, sudo, Nix trust, shell, timezone) that
# depend on whether that user is installed.
{ config, lib, pkgs, ... }:
let
  userCfg = config.nathan.config;
  sshKeys = import ../../info/ssh-keys.nix;
  # Darwin keeps home directories under /Users; everything else uses /home.
  homeDir = if pkgs.stdenv.isDarwin then
    "/Users/${userCfg.user}"
  else
    "/home/${userCfg.user}";
in with lib; {
  config = mkMerge [
    {
      security.polkit.enable = true;
      # TODO: Refine the wheel branch to only include necessary actions.
      # As written, the rule below would answer YES to every polkit action
      # for any member of wheel, with no authentication prompt. Keep it
      # disabled until it checks specific action ids.
      # security.polkit.extraConfig = ''
      #   polkit.addRule(function(action, subject) {
      #     if (subject.isInGroup("wheel"))
      #     {
      #       return polkit.Result.YES;
      #     }
      #   })
      # '';

      programs.fish.enable = true;

      users = {
        # When the user is installed, accounts are fully declarative: the
        # password hash and SSH keys below are the authoritative credentials.
        mutableUsers = !userCfg.installUser;
        # Configure our user, if enabled
        users."${userCfg.user}" = mkMerge [
          # Settings shared by every platform.
          (mkIf userCfg.installUser {
            home = homeDir;
            description = "Nathan McCarty";
            shell = pkgs.fish;
          })
          # Linux-specific account settings.
          (mkIf (userCfg.installUser && pkgs.stdenv.isLinux) {
            isNormalUser = true;
            # Several of these groups carry far more than their name suggests:
            # "wheel" is the administrative group, and membership in "docker"
            # is effectively root on the host, because the Docker daemon runs
            # as root and will start privileged containers on request.
            # Review the list whenever this module is reused on a new machine.
            extraGroups = [
              "wheel"
              "networkmanager"
              "audio"
              "docker"
              "libvirtd"
              "uinput"
              "adbusers"
              "plugdev"
            ];
            # SHA-512 crypt hash ($6$). Because it is written inline it is
            # readable by anyone with access to this repository and ends up in
            # the world-readable Nix store, so its strength rests entirely on
            # the password behind it. Consider `hashedPasswordFile` pointing
            # at a secret kept outside the store.
            hashedPassword =
              "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
            # Public keys allowed to log in as this user over SSH.
            openssh.authorizedKeys.keys = sshKeys.list;
          })
        ];
      };

      # If we install the user, enable sudo (mkDefault, so a host can override).
      security.sudo.enable = mkDefault userCfg.installUser;

      # If we install the user, make them a trusted Nix user. A trusted user
      # can override daemon settings such as substituters, which is
      # essentially equivalent to root access on this machine.
      nix.settings.trusted-users =
        optionals userCfg.installUser [ "${userCfg.user}" ];

      # If we set up the user, install the shell as well.
      environment.systemPackages = optionals userCfg.installUser [ pkgs.fish ];

      # Configure the timezone
      time.timeZone = "America/New_York";
    }

    # GPU passthrough hosts need the user in libvirtd. The group is also in
    # the Linux list above, so this only adds something when that branch is
    # inactive.
    (mkIf config.nathan.hardware.amdPassthrough {
      users.users."${userCfg.user}".extraGroups = [ "libvirtd" ];
    })

    # Optional RAM-backed scratch directory inside the user's home.
    (mkIf (userCfg.homeTmpfs && userCfg.installUser) {
      fileSystems."/home/${userCfg.user}/.tmp" = {
        fsType = "tmpfs";
        # mode=700 keeps the directory private to its owner. No size= is set,
        # so the kernel's tmpfs default limit applies.
        # NOTE(review): gid=100 is presumably the `users` group - confirm.
        options = [ "mode=700" "uid=${userCfg.userUid}" "gid=100" ];
      };
    })
  ];
}