32 lines
855 B
Nix
32 lines
855 B
Nix
{ lib, config, ... }:
|
|
{
|
|
imports = [ ../ssh.nix ];
|
|
|
|
options.admin = {
|
|
disable = lib.mkOption {
|
|
default = false;
|
|
type = lib.types.bool;
|
|
description = "disable admin user";
|
|
};
|
|
};
|
|
|
|
# named this way to reduce the attack surface of my servers
|
|
config = lib.mkIf (!config.admin.disable) {
|
|
sops.secrets."users/crown".neededForUsers = true;
|
|
users.mutableUsers = false; # required for sops to touch the password
|
|
|
|
users.users.crown = {
|
|
description = "wikipedia.org/wiki/Root_crown";
|
|
home = "/home/crown";
|
|
createHome = true;
|
|
group = "crown";
|
|
extraGroups = [ "wheel" ];
|
|
useDefaultShell = true;
|
|
isNormalUser = true;
|
|
hashedPasswordFile = config.sops.secrets."users/crown".path;
|
|
openssh.authorizedKeys.keys = config.ssh.keys;
|
|
};
|
|
|
|
users.groups.crown = {};
|
|
};
|
|
}
|