50 lines
1.2 KiB
Nix
50 lines
1.2 KiB
Nix
{ config, ... }:
|
|
let
|
|
host = config.networking.hostName;
|
|
in
|
|
{
|
|
users.mutableUsers = false;
|
|
users.users = {
|
|
lilith = {
|
|
isNormalUser = true;
|
|
uid = 1000;
|
|
extraGroups = [
|
|
"wheel"
|
|
"networkmanager"
|
|
];
|
|
hashedPasswordFile = config.sops.secrets."user/password".path;
|
|
};
|
|
|
|
nixremote = {
|
|
isNormalUser = true;
|
|
createHome = false;
|
|
group = "users";
|
|
extraGroups = [ ];
|
|
openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN7RJ1q5TczmSDge2U2lXrZVtRzOM/D+Bodwrc6h3EjA"
|
|
];
|
|
};
|
|
};
|
|
|
|
sops.secrets = {
|
|
"user/password" = {
|
|
sopsFile = ../../hosts/${host}/secrets/default.yaml;
|
|
neededForUsers = true;
|
|
};
|
|
"user/ssh/private" = {
|
|
sopsFile = ../../hosts/${host}/secrets/default.yaml;
|
|
path = "/home/lilith/.ssh/id_ed25519";
|
|
owner = "lilith";
|
|
};
|
|
"user/ssh/public" = {
|
|
sopsFile = ../../hosts/${host}/secrets/default.yaml;
|
|
path = "/home/lilith/.ssh/id_ed25519.pub";
|
|
owner = "lilith";
|
|
};
|
|
"ssh/nixremote/private" = {
|
|
sopsFile = ../../secrets/default.yaml;
|
|
path = "/root/.ssh/nixremote";
|
|
owner = "root";
|
|
};
|
|
};
|
|
}
|