nixos/options/custom/settings/users.nix

{
  config,
  inputs,
  lib,
  pkgs,
  ...
}:

with lib;

let
  cfg = config.custom.settings.users;
in
{
  options.custom.settings.users = {
    enable = mkOption { default = false; };
    shell = mkOption { default = pkgs.fish; };

    ${config.custom.username} = {
      groups = mkOption {
        default =
          if config.custom.full then
            [
              "input"
              "video"
            ]
          else
            [ ];
      };
      linger = mkOption { default = false; };
      packages = mkOption { default = [ ]; };
    };
  };

  config = mkIf cfg.enable {
    age.secrets =
      let
        secret = filename: {
          file = "${inputs.self}/secrets/${filename}";
        };
      in
      {
        "${config.custom.profile}/users/${config.custom.username}.pass" = secret "${config.custom.profile}/users/${config.custom.username}.pass";
        "${config.custom.profile}/users/root.pass" = secret "${config.custom.profile}/users/root.pass";
      };

    users = {
      defaultUserShell = cfg.shell;
      mutableUsers = false; # !! Immutable users

      users = {
        #!! secrets/PROFILE/users/USERNAME.pass hashedPasswordFile is required

        root.hashedPasswordFile = config.age.secrets."${config.custom.profile}/users/root.pass".path;

        ${config.custom.username} = {
          isNormalUser = true;
          extraGroups = [ "wheel" ] ++ cfg.${config.custom.username}.groups;
          hashedPasswordFile =
            config.age.secrets."${config.custom.profile}/users/${config.custom.username}.pass".path;
          linger = cfg.${config.custom.username}.linger;
          packages = cfg.${config.custom.username}.packages;
        };
      };
    };
  };
}
git: migrate to forgejo Squashes 1,331 commits Signed-off-by: Myned <dev@bjork.tech> 2024-09-09 00:22:14 +00:00			`{`
			`config,`
			`inputs,`
			`lib,`
			`pkgs,`
			`...`
			`}:`

			`with lib;`

			`let`
			`cfg = config.custom.settings.users;`
			`in`
			`{`
			`options.custom.settings.users = {`
			`enable = mkOption { default = false; };`
			`shell = mkOption { default = pkgs.fish; };`

			`${config.custom.username} = {`
			`groups = mkOption {`
			`default =`
			`if config.custom.full then`
			`[`
			`"input"`
			`"video"`
			`]`
			`else`
			`[ ];`
			`};`
			`linger = mkOption { default = false; };`
			`packages = mkOption { default = [ ]; };`
			`};`
			`};`

			`config = mkIf cfg.enable {`
			`age.secrets =`
			`let`
			`secret = filename: {`
			`file = "${inputs.self}/secrets/${filename}";`
			`};`
			`in`
			`{`
			`"${config.custom.profile}/users/${config.custom.username}.pass" = secret "${config.custom.profile}/users/${config.custom.username}.pass";`
			`"${config.custom.profile}/users/root.pass" = secret "${config.custom.profile}/users/root.pass";`
			`};`

			`users = {`
			`defaultUserShell = cfg.shell;`
			`mutableUsers = false; # !! Immutable users`

			`users = {`
			`#!! secrets/PROFILE/users/USERNAME.pass hashedPasswordFile is required`

			`root.hashedPasswordFile = config.age.secrets."${config.custom.profile}/users/root.pass".path;`

			`${config.custom.username} = {`
			`isNormalUser = true;`
			`extraGroups = [ "wheel" ] ++ cfg.${config.custom.username}.groups;`
			`hashedPasswordFile =`
			`config.age.secrets."${config.custom.profile}/users/${config.custom.username}.pass".path;`
			`linger = cfg.${config.custom.username}.linger;`
			`packages = cfg.${config.custom.username}.packages;`
			`};`
			`};`
			`};`
			`};`
			`}`