machines-config/nixosModules/users/default.nix

{ config, lib, ... }:
let
  cfg = config.kropcloud.admin;
in
{
  options.kropcloud.admin = {
    user = lib.mkOption {
      type = lib.types.str;
      default = "krop";
      description = "Name of the admin user to be created.";
    };
    sshKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "List of SSH public keys to authorize for the admin user.";
    };
    password = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "Password for the admin user. Should be used only for initial setup.";
    };
    sudoRequirePassword = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Require password for sudo. Should be used only for initial setup.";
    };
  };

  config = {

    age.secrets.mypassword.file = ../../secrets/mypassword.age;

    security.sudo.wheelNeedsPassword = cfg.sudoRequirePassword;

    # Define the admin user
    users = {
      mutableUsers = false;
      users.${cfg.user} = {
        password = if cfg.password != null then cfg.password else null;
        hashedPasswordFile = if cfg.password != null then null else config.age.secrets.mypassword.path;
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = cfg.sshKeys;
      };
    };
  };
}
added more config 2024-12-18 23:14:56 +01:00			`{ config, lib, ... }:`
			`let`
			`cfg = config.kropcloud.admin;`
			`in`
			`{`
			`options.kropcloud.admin = {`
			`user = lib.mkOption {`
			`type = lib.types.str;`
			`default = "krop";`
			`description = "Name of the admin user to be created.";`
			`};`
			`sshKeys = lib.mkOption {`
			`type = lib.types.listOf lib.types.str;`
			`default = [ ];`
			`description = "List of SSH public keys to authorize for the admin user.";`
			`};`
bootstrapping default bootstrap password think this is required pw update pseudoterm change pw 2025-01-02 16:21:43 +01:00			`password = lib.mkOption {`
			`type = lib.types.nullOr lib.types.str;`
			`default = null;`
			`description = "Password for the admin user. Should be used only for initial setup.";`
			`};`
functional HELL 2025-01-07 20:05:09 +01:00			`sudoRequirePassword = lib.mkOption {`
			`type = lib.types.bool;`
			`default = true;`
			`description = "Require password for sudo. Should be used only for initial setup.";`
			`};`
added more config 2024-12-18 23:14:56 +01:00			`};`

			`config = {`
trying agenix 2024-12-29 10:34:03 +01:00
			`age.secrets.mypassword.file = ../../secrets/mypassword.age;`

functional HELL 2025-01-07 20:05:09 +01:00			`security.sudo.wheelNeedsPassword = cfg.sudoRequirePassword;`

added more config 2024-12-18 23:14:56 +01:00			`# Define the admin user`
bootstrapping default bootstrap password think this is required pw update pseudoterm change pw 2025-01-02 16:21:43 +01:00			`users = {`
			`mutableUsers = false;`
			`users.${cfg.user} = {`
			`password = if cfg.password != null then cfg.password else null;`
			`hashedPasswordFile = if cfg.password != null then null else config.age.secrets.mypassword.path;`
			`isNormalUser = true;`
			`extraGroups = [ "wheel" ];`
			`openssh.authorizedKeys.keys = cfg.sshKeys;`
			`};`
added more config 2024-12-18 23:14:56 +01:00			`};`
			`};`
			`}`