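# NixOS module: declares the `kropcloud.admin` options and creates the admin
# user from them (wheel membership, SSH keys, password source, sudo policy).
{ config, lib, ... }:
let
  cfg = config.kropcloud.admin;
  # True when the operator supplied a plaintext password instead of relying on
  # the agenix-managed hashed password file.
  usesPlaintextPassword = cfg.password != null;
in
{
  options.kropcloud.admin = {
    user = lib.mkOption {
      type = lib.types.str;
      default = "krop";
      description = "Name of the admin user to be created.";
    };

    sshKeys = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "List of SSH public keys to authorize for the admin user.";
    };

    password = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = null;
      description = "Plaintext password for the admin user. The value is written to the world-readable Nix store, so it should be used only for initial setup. When null, the hashed password from the agenix secret is used instead.";
    };

    sudoRequirePassword = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Require a password for sudo (wheel group). Setting this to false grants passwordless root to the admin user and should be done only for initial setup.";
    };
  };

  config = {
    # Surface the plaintext-password case at evaluation time so a bootstrap
    # setting does not silently stay in a long-lived configuration.
    warnings = lib.optional usesPlaintextPassword
      "kropcloud.admin.password is set: the plaintext password is stored world-readable in the Nix store. Use it only for initial setup, then unset it so the agenix-managed hashed password file applies.";

    # Encrypted secret holding the admin password hash; declared
    # unconditionally, consumed below only when no plaintext password is set.
    age.secrets.mypassword.file = ../../secrets/mypassword.age;

    security.sudo.wheelNeedsPassword = cfg.sudoRequirePassword;

    # Define the admin user
    users = {
      # Accounts are fully declarative: changes made with passwd/useradd at
      # runtime do not persist.
      mutableUsers = false;

      users.${cfg.user} = {
        # Exactly one password source is active: the plaintext option if given,
        # otherwise the decrypted agenix secret.
        password = cfg.password;
        hashedPasswordFile =
          if usesPlaintextPassword then null else config.age.secrets.mypassword.path;

        isNormalUser = true;
        # wheel membership is what makes security.sudo.wheelNeedsPassword apply
        # to this account.
        extraGroups = [ "wheel" ];
        openssh.authorizedKeys.keys = cfg.sshKeys;
      };
    };
  };
}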