47 lines
1.3 KiB
Nix
47 lines
1.3 KiB
Nix
{ config, lib, ... }:
|
|
let
|
|
cfg = config.kropcloud.admin;
|
|
in
|
|
{
|
|
options.kropcloud.admin = {
|
|
user = lib.mkOption {
|
|
type = lib.types.str;
|
|
default = "krop";
|
|
description = "Name of the admin user to be created.";
|
|
};
|
|
sshKeys = lib.mkOption {
|
|
type = lib.types.listOf lib.types.str;
|
|
default = [ ];
|
|
description = "List of SSH public keys to authorize for the admin user.";
|
|
};
|
|
password = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = "Password for the admin user. Should be used only for initial setup.";
|
|
};
|
|
sudoRequirePassword = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = true;
|
|
description = "Require password for sudo. Should be used only for initial setup.";
|
|
};
|
|
};
|
|
|
|
config = {
|
|
|
|
age.secrets.mypassword.file = ../../secrets/mypassword.age;
|
|
|
|
security.sudo.wheelNeedsPassword = cfg.sudoRequirePassword;
|
|
|
|
# Define the admin user
|
|
users = {
|
|
mutableUsers = false;
|
|
users.${cfg.user} = {
|
|
password = if cfg.password != null then cfg.password else null;
|
|
hashedPasswordFile = if cfg.password != null then null else config.age.secrets.mypassword.path;
|
|
isNormalUser = true;
|
|
extraGroups = [ "wheel" ];
|
|
openssh.authorizedKeys.keys = cfg.sshKeys;
|
|
};
|
|
};
|
|
};
|
|
}
|