2026-01-24 22:40:40 +01:00
|
|
|
{ config, lib, ... }:
|
|
|
|
|
let
|
|
|
|
|
cfg = config.my.profiles.core.users;
|
|
|
|
|
in
|
2020-11-16 21:14:46 +01:00
|
|
|
{
|
2026-01-24 22:40:40 +01:00
|
|
|
options.my.profiles.core.users.enable = lib.mkEnableOption "core users profile";
|
2022-06-06 11:47:50 +02:00
|
|
|
|
2026-01-24 22:40:40 +01:00
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
sops.secrets."users/felix/password".neededForUsers = true;
|
|
|
|
|
sops.secrets."users/felix/password" = { };
|
|
|
|
|
|
|
|
|
|
users.users.felix = {
|
|
|
|
|
isNormalUser = true;
|
|
|
|
|
home = "/home/felix";
|
|
|
|
|
group = "felix";
|
|
|
|
|
extraGroups = [
|
|
|
|
|
"adbusers" # adb control
|
|
|
|
|
"audio" # sound control
|
|
|
|
|
"cdrom" # emulate cds
|
|
|
|
|
"dialout" # serial-console
|
|
|
|
|
"docker" # usage of `docker` socket
|
|
|
|
|
"input" # mouse control
|
|
|
|
|
"libvirtd" # kvm control
|
|
|
|
|
"networkmanager" # wireless configuration
|
|
|
|
|
"podman" # usage of `podman` socket
|
|
|
|
|
"seat" # access to input devices
|
|
|
|
|
"video" # screen control
|
|
|
|
|
"wheel" # `sudo` for the user.
|
|
|
|
|
];
|
|
|
|
|
hashedPasswordFile = config.sops.secrets."users/felix/password".path;
|
|
|
|
|
openssh.authorizedKeys.keys = [
|
|
|
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@workman"
|
|
|
|
|
"no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHhjrfqyOS+M9ATSTVr9JXPERBXOow/ZmkWICjbtbEgXAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0x ssh:felix-personal-1"
|
|
|
|
|
"no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIMHExVOrEevQ+bwrrW3cXCO7Y/SyA+7wG+b6ZvAWY4MJAAAAFHNzaDpmZWxpeC1wZXJzb25hbC0y ssh:felix-personal-2"
|
|
|
|
|
];
|
|
|
|
|
};
|
2020-11-16 21:14:46 +01:00
|
|
|
|
2026-01-24 22:40:40 +01:00
|
|
|
users.groups.felix = {
|
|
|
|
|
gid = 1000;
|
|
|
|
|
};
|
2020-11-16 21:14:46 +01:00
|
|
|
};
|
|
|
|
|
}
|
