30 lines
770 B
Nix
30 lines
770 B
Nix
{ config, ...}: let
|
|
host = config.networking.hostName;
|
|
in {
|
|
users.mutableUsers = false;
|
|
users.users = {
|
|
lilith = {
|
|
isNormalUser = true;
|
|
uid = 1000;
|
|
extraGroups = [ "wheel" "networkmanager" ];
|
|
hashedPasswordFile = config.sops.secrets."user/password".path;
|
|
};
|
|
};
|
|
|
|
sops.secrets = {
|
|
"user/password" = {
|
|
sopsFile = ../hosts/${host}/secrets/default.yaml;
|
|
neededForUsers = true;
|
|
};
|
|
"user/ssh/private" = {
|
|
sopsFile = ../hosts/${host}/secrets/default.yaml;
|
|
path = "/home/lilith/.ssh/id_ed25519";
|
|
owner = "lilith";
|
|
};
|
|
"user/ssh/public" = {
|
|
sopsFile = ../hosts/${host}/secrets/default.yaml;
|
|
path = "/home/lilith/.ssh/id_ed25519.pub";
|
|
owner = "lilith";
|
|
};
|
|
};
|
|
}
|