initial commit

2025-11-09 23:51:40 -05:00 · 2025-11-09 23:51:40 -05:00 · 4014d5e658
commit 4014d5e658
30 changed files with 911 additions and 0 deletions
--- a/modules/users/admin.nix
+++ b/modules/users/admin.nix
@ -0,0 +1,32 @@
+{ lib, config, ... }:
+{
+  imports = [ ../ssh.nix ];
+
+  options.admin = {
+    disable = lib.mkOption {
+      default = false;
+      type = lib.types.bool;
+      description = "disable admin user";
+    };
+  };
+
+  # named this way to reduce the attack surface of my servers
+  config = lib.mkIf (!config.admin.disable) {
+    sops.secrets."users/crown".neededForUsers = true;
+    users.mutableUsers = false; # required for sops to touch the password
+
+    users.users.crown = {
+      description = "wikipedia.org/wiki/Root_crown";
+      home = "/home/crown";
+      createHome = true;
+      group = "crown";
+      extraGroups = [ "wheel" ];
+      useDefaultShell = true;
+      isNormalUser = true;
+      hashedPasswordFile = config.sops.secrets."users/crown".path;
+      openssh.authorizedKeys.keys = config.ssh.keys;
+    };
+
+    users.groups.crown = {};
+  };
+}