infra/modules/base/user.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

{
  flake.modules.nixos.base =
    {
      config,
      lib,
      pkgs,
      ...
    }:
    {
      options.infra.user = lib.mkOption {
        type = lib.types.str;
        default = "vkcku";
        description = "The name of the main user.";
      };

      config =
        let
          username = config.infra.user;
          passwordKey = "hosts/${config.networking.hostName}/users/${username}";
        in
        {
          sops.secrets."${passwordKey}".neededForUsers = true;

          users.mutableUsers = false;

          users.users."${username}" = {
            isNormalUser = true;
            createHome = true;
            home = "/home/${username}";
            extraGroups = [ "wheel" ];
            shell = pkgs.nushell;
            hashedPasswordFile = config.sops.secrets."${passwordKey}".path;
          };
        };
    };
}