nixcfg/modules/nixos/user/default.nix
Harald Hoyer d5f688f7e9 feat: Add 'wheel' to default user extraGroups
The user's extraGroups in the NixOS module now contains 'wheel' by default. This change provides the user with more privileges. Consequently, 'wheel' has been removed from the SGX-Attic's 'user.extraGroups' as it became redundant.
2024-07-05 16:13:48 +02:00


{ options
, config
, pkgs
, lib
, ...
}:
with lib;
with lib.metacfg; let
# Shorthand for this module's own option values (declared under options.metacfg.user).
cfg = config.metacfg.user;
# File name of the bundled profile picture, resolved relative to this module's directory.
defaultIconFileName = "profile.jpg";
# Derivation that copies the bundled picture into the Nix store as a single file:
# $out is the image itself, not a directory containing it.
defaultIcon = pkgs.stdenvNoCC.mkDerivation {
name = "default-icon";
src = ./. + "/${defaultIconFileName}";
# src is a plain file, so the unpack phase is skipped.
dontUnpack = true;
installPhase = ''
cp $src $out
'';
# The derivation is named "default-icon", so the original file name is carried in
# passthru; the rest of the module reads it back as cfg.icon.fileName.
passthru = { fileName = defaultIconFileName; };
};
# Builds a store path holding the icon at share/metacfg-icons/user/<name>/<fileName>.
# NOTE(review): nothing in the visible part of this file references propagatedIcon;
# as a let-binding it is only evaluated if something uses it.
# cfg.name and cfg.icon.fileName are spliced into the build script as text. They come
# from the system configuration, not from runtime input, but a value containing quotes
# or `$` would alter the script, so keep them to plain file-name characters.
# cfg.icon.fileName is read without a fallback here, so this binding requires an icon
# that is non-null and has a fileName attribute.
propagatedIcon =
pkgs.runCommandNoCC "propagated-icon"
{ passthru = { fileName = cfg.icon.fileName; }; }
''
local target="$out/share/metacfg-icons/user/${cfg.name}"
mkdir -p "$target"
cp ${cfg.icon} "$target/${cfg.icon.fileName}"
'';
in
{
# Options describing the single interactive user account this module creates.
# mkOpt / mkBoolOpt come from lib.metacfg (brought into scope by `with lib.metacfg;`);
# as used here they take a type (mkOpt only), a default and a description.
options.metacfg.user = with types; {
# The identity defaults below are the author's own; a host that reuses this module
# for a different person has to override them.
name = mkOpt str "harald" "The name to use for the user account.";
fullName = mkOpt str "Harald Hoyer" "The full name of the user.";
email = mkOpt str "harald@hoyer.xyz" "The email of the user.";
# NOTE(review): the default is a well-known weak value. In this file the only consumer,
# the `inherit (cfg) name initialPassword;` line in users.users, is commented out, so the
# option is declared but not applied here. Confirm that no other module reads it, and do
# not re-enable that line while this default stands: the account is a member of wheel.
initialPassword =
mkOpt str "password"
"The initial password to use when the user is first created.";
# null is accepted by the type, but the config section dereferences cfg.icon
# unconditionally (".face".source and the Pictures entry).
icon =
mkOpt (nullOr package) defaultIcon
"The profile picture to use for the user.";
prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell.";
# This list is additive only: the config section builds the account's groups as
# [ "wheel" ] ++ cfg.extraGroups, so the default of [ ] still yields wheel membership
# and wheel cannot be removed through this option.
extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
# Public keys that are installed as the account's authorized keys. They are not secrets,
# but every host that imports this module without overriding sshKeys accepts SSH logins
# as cfg.name (a wheel member) from whoever holds the matching private keys.
# The two sk-* entries are FIDO security-key types, which need the hardware token to sign;
# the last two are ordinary ecdsa/ed25519 keys without that binding.
sshKeys = mkOpt (listOf str) [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
] "ssh keys";
# Escape hatch: the config section merges this set over the generated account with `//`,
# so any attribute given here replaces the module's value for that attribute entirely.
extraOptions =
mkOpt attrs { }
(mdDoc "Extra options passed to `users.users.<name>`.");
};
config = {
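# This module adds no system-wide packages; the empty list is a placeholder.
environment.systemPackages = with pkgs; [
];
# Files and shell setup handed to the metacfg.home module, which is defined outside
# this file (presumably it forwards them to home-manager; confirm there).
metacfg.home = {
  file =
    {
      # Empty marker files, presumably so that the standard directories exist
      # in a freshly created home.
      "Desktop/.keep".text = "";
      "Documents/.keep".text = "";
      "Downloads/.keep".text = "";
      "Music/.keep".text = "";
      "Pictures/.keep".text = "";
      "Videos/.keep".text = "";
      "work/.keep".text = "";
    }
    # The icon option is declared as `nullOr package`. With icon = null the two entries
    # below cannot be evaluated (baseNameOf null fails and null is not a usable source),
    # so they are emitted only when an icon is actually set.
    // lib.optionalAttrs (cfg.icon != null) {
      ".face".source = cfg.icon;
      # Prefer the original file name recorded in passthru; fall back to the
      # base name of the icon's path when the package does not provide one.
      "Pictures/${
        cfg.icon.fileName or (builtins.baseNameOf cfg.icon)
      }".source =
        cfg.icon;
    };
  # Bash hands over to fish unless its parent process is already fish or bash was
  # started with a command string (BASH_EXECUTION_STRING non-empty); a login shell is
  # passed on as `fish --login`. In the other case a SHELL value ending in "fish" is
  # reset to bash. ps and fish are called by absolute store path, so the hand-over does
  # not depend on the user's PATH. $LOGIN_OPTION is left unquoted, presumably so that
  # an empty value disappears instead of becoming an empty argument.
  extraOptions.programs.bash.initExtra = ''
    if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
    then
    shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
    SHELL=/run/current-system/sw/bin/fish exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
    else
    [[ $SHELL == *fish ]] && SHELL=/run/current-system/sw/bin/bash
    fi
  '';
};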
# Declares the account itself. cfg.extraOptions is merged last with `//`, which is a
# shallow merge: an attribute set there replaces the one defined here as a whole. For
# example, extraOptions.extraGroups would replace the list below (wheel included) and
# extraOptions.openssh would replace the authorized keys rather than add to them.
users.users.${cfg.name} =
{
isNormalUser = true;
# initialPassword is deliberately not inherited here, so this block sets no password.
# NOTE(review): re-enabling the line below with the option's default value would give
# a wheel member a well-known password; set a real secret (or a hashed password via
# extraOptions) before doing so.
# inherit (cfg) name initialPassword;
# Public keys accepted for SSH login as this user.
openssh.authorizedKeys.keys = cfg.sshKeys;
home = "/home/${cfg.name}";
group = "users";
shell = pkgs.bash;
# Arbitrary user ID to use for the user. Since I only
# have a single user on my machines this won't ever collide.
# However, if you add multiple users you'll need to change this
# so each user has their own unique uid (or leave it out for the
# system to select).
uid = 1000;
# "wheel" is added unconditionally; cfg.extraGroups can only extend the list.
# On NixOS, wheel is the group the sudo module grants root access to (by default
# with a password prompt, see security.sudo.wheelNeedsPassword), so every host that
# imports this module makes this account an administrator.
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
}
// cfg.extraOptions;
};
}