machines-config/nixosModules/users/default.nix

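# NixOS module: declares the `kropcloud.admin` options and creates the admin
# account from them.
#
# The account is a member of `wheel`, so anything that can authenticate as it
# can reach root through sudo. The two "initial setup" options below
# (`password`, `sudoRequirePassword = false`) weaken that boundary and now
# emit an evaluation warning while they are active.
{ config, lib, ... }:
let
  cfg = config.kropcloud.admin;
in
{
  options.kropcloud.admin = {
    user = lib.mkOption {
      type = lib.types.str;
      default = "krop";
      description = "Name of the admin user to be created.";
    };

    sshKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "List of SSH public keys to authorize for the admin user.";
    };

    # A value set here is a plain Nix string: it is written in clear text into
    # the world-readable Nix store, and into whatever repository holds the
    # configuration. Leave it null to use the age-encrypted file instead.
    password = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "Password for the admin user. Should be used only for initial setup.";
    };

    # The default (true) is the hardened setting. The original description said
    # the option itself was for initial setup only, which reads as advice to
    # turn password prompts off afterwards; it is the disabled state that is
    # temporary.
    sudoRequirePassword = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Require password for sudo. Disabling this should be done only for initial setup.";
    };
  };

  config = {
    # age-encrypted secret, decrypted on the target at activation time.
    # Presumably holds a password hash, since its path is handed to
    # `hashedPasswordFile` below; verify against the secret's contents.
    age.secrets.mypassword.file = ../../secrets/mypassword.age;

    security.sudo.wheelNeedsPassword = cfg.sudoRequirePassword;

    # Surface both bootstrap-only states at evaluation time so they are not
    # left enabled unnoticed.
    warnings =
      lib.optional (cfg.password != null)
        "kropcloud.admin.password is set: the plaintext password is stored in the world-readable Nix store. Use it only for initial setup."
      ++ lib.optional (!cfg.sudoRequirePassword)
        "kropcloud.admin.sudoRequirePassword is false: members of wheel can run sudo without a password. Use it only for initial setup.";

    # Define the admin user
    users = {
      # Accounts and credentials come only from this configuration.
      mutableUsers = false;
      users.${cfg.user} = {
        # `cfg.password` is already null when unset, so it can be passed through.
        password = cfg.password;
        # Exactly one password source is active: the plaintext override when
        # given, otherwise the decrypted age secret.
        hashedPasswordFile = if cfg.password != null then null else config.age.secrets.mypassword.path;
        isNormalUser = true;
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = cfg.sshKeys;
      };
    };
  };
}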