nixos/options/custom/settings/users.nix

{
  config,
  inputs,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.custom.settings.users;
in {
  options.custom.settings.users = {
    enable = mkOption {default = false;};
    shell = mkOption {default = pkgs.fish;};

    ${config.custom.username} = {
      groups = mkOption {
        default =
          if config.custom.full
          then [
            "input"
            "video"
          ]
          else [];
      };
      linger = mkOption {default = false;};
      packages = mkOption {default = [];};
    };
  };

  config = mkIf cfg.enable {
    age.secrets = let
      secret = filename: {
        file = "${inputs.self}/secrets/${filename}";
      };
    in {
      "${config.custom.profile}/users/${config.custom.username}.pass" = secret "${config.custom.profile}/users/${config.custom.username}.pass";
      "${config.custom.profile}/users/root.pass" = secret "${config.custom.profile}/users/root.pass";
    };

    users = {
      defaultUserShell = cfg.shell;
      mutableUsers = false; # !! Immutable users

      users = {
        #!! secrets/PROFILE/users/USERNAME.pass hashedPasswordFile is required

        root.hashedPasswordFile = config.age.secrets."${config.custom.profile}/users/root.pass".path;

        ${config.custom.username} = {
          isNormalUser = true;
          extraGroups = ["wheel"] ++ cfg.${config.custom.username}.groups;
          hashedPasswordFile =
            config.age.secrets."${config.custom.profile}/users/${config.custom.username}.pass".path;
          linger = cfg.${config.custom.username}.linger;
          packages = cfg.${config.custom.username}.packages;
        };
      };
    };
  };
}
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`{`
			`config,`
			`inputs,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`with lib; let`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`cfg = config.custom.settings.users;`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`in {`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`options.custom.settings.users = {`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`enable = mkOption {default = false;};`
			`shell = mkOption {default = pkgs.fish;};`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00
			`${config.custom.username} = {`
			`groups = mkOption {`
			`default =`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`if config.custom.full`
			`then [`
			`"input"`
			`"video"`
			`]`
			`else [];`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`};`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`linger = mkOption {default = false;};`
			`packages = mkOption {default = [];};`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`};`
			`};`

			`config = mkIf cfg.enable {`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`age.secrets = let`
			`secret = filename: {`
			`file = "${inputs.self}/secrets/${filename}";`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`};`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`in {`
			`"${config.custom.profile}/users/${config.custom.username}.pass" = secret "${config.custom.profile}/users/${config.custom.username}.pass";`
			`"${config.custom.profile}/users/root.pass" = secret "${config.custom.profile}/users/root.pass";`
			`};`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00
			`users = {`
			`defaultUserShell = cfg.shell;`
			`mutableUsers = false; # !! Immutable users`

			`users = {`
			`#!! secrets/PROFILE/users/USERNAME.pass hashedPasswordFile is required`

			`root.hashedPasswordFile = config.age.secrets."${config.custom.profile}/users/root.pass".path;`

			`${config.custom.username} = {`
			`isNormalUser = true;`
nix: format with alejandra Signed-off-by: Myned <dev@bjork.tech> 2024-09-13 01:50:53 +00:00			`extraGroups = ["wheel"] ++ cfg.${config.custom.username}.groups;`
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`hashedPasswordFile =`
			`config.age.secrets."${config.custom.profile}/users/${config.custom.username}.pass".path;`
			`linger = cfg.${config.custom.username}.linger;`
			`packages = cfg.${config.custom.username}.packages;`
			`};`
			`};`
			`};`
			`};`
			`}`