ellmau/nixos
1
0
Fork 0
mirror of https://github.com/ellmau/nixos.git synced 2025-12-19 09:29:36 +01:00
Code Issues Projects Releases Wiki Activity
nixos/modules/users.nix
Stefan Ellmauthaler 9bdb9fe8d2
Xmonad (#9) 
* XMonad base config
* Polybar
* development environment for emacs

* flake bump
Flake lock file updates:

• Added input 'flake-utils':
    'github:numtide/flake-utils/cfacdce06f30d2b68473a46042957675eebb3401' (2023-04-11)
• Added input 'flake-utils/systems':
    'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e' (2023-04-09)
• Added input 'flake-utils-plus':
    'github:gytis-ivaskevicius/flake-utils-plus/2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a' (2022-07-07)
• Added input 'flake-utils-plus/flake-utils':
    'github:numtide/flake-utils/3cecb5b042f7f209c56ffd8371b2711a290ec797' (2022-02-07)
• Added input 'nixpkgs':
    'github:NixOS/nixpkgs/7629f9b0680d87c7775f3261bee746da5dac76d1' (2023-05-08)
• Added input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/897876e4c484f1e8f92009fd11b7d988a121a4e7' (2023-05-06)
2023-05-09 15:17:19 +02:00

189 lines
5.0 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
homeConfigurations,
...
}:
with lib; {
options.elss.users = {
enable = mkEnableOption "elss specific user configuration";
x11.enable = mkEnableOption "Activate XSession related options in user-configs";
dunst.enable = mkEnableOption "Activate Dunst";
users = mkOption {
description = "logins of non-admin users to configure";
type = types.listOf types.str;
};
admins = mkOption {
description = "logins of admin users to configure";
type = types.listOf types.str;
};
meta = mkOption {
type =
types.attrsOf
(types.submodule {
options = {
description = mkOption {
type = types.str;
description = "full name of the user";
};
hashedPassword =
mkOption
{
type = types.str;
default = null;
description = "hashed password, only required for admins";
};
publicKeys = mkOption {
type = types.listOf types.str;
description = "SSH public keys for the user";
};
mailAddress = mkOption {
type = types.str;
description = "Email address of the user";
};
git = mkOption {
type = types.submodule {
options = {
key = mkOption {
type = types.str;
example = "0xBEEE1234";
default = "C804A9C1B7AF8256";
description = "Signkey for git commits";
};
gpgsm = mkOption {
type = types.bool;
default = false;
description = "Whether to use gpgsm for commit signatures";
};
signDefault = mkOption {
type = types.bool;
default = false;
description = "Whether to force signing commits or not";
};
};
};
};
};
});
};
};
config = let
cfg = config.elss.users;
inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot mapAllUsers;
getMeta = login:
builtins.getAttr login cfg.meta;
mkAdmin = login:
mkMerge [
(mkUser login)
{
extraGroups = ["wheel"];
inherit (getMeta login) hashedPassword;
}
];
mkUser = login: let
meta = getMeta login;
in {
inherit (meta) description;
isNormalUser = true;
home = "/home/${login}";
extraGroups = [];
openssh.authorizedKeys.keys = meta.publicKeys;
};
mkGitUser = login: let
meta = getMeta login;
in {
programs.git = {
userEmail = meta.mailAddress;
userName = meta.description;
extraConfig = {
gpg = lib.mkIf meta.git.gpgsm {
format = "x509";
program = "${pkgs.gnupg}/bin/gpgsm";
};
user = {
signingKey = meta.git.key;
};
commit = {
gpgsign = meta.git.signDefault;
};
};
};
};
mkX11User = login: let
meta = getMeta login;
in
mkIf (cfg.x11.enable)
{
xsession = {
numlock.enable = true;
profileExtra = ''
if [ $(hostname) = 'stel-xps' ]; then
brightnessctl s 50%
fi
'';
};
home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png;
services = {
blueman-applet.enable = true;
network-manager-applet.enable = true;
dunst.enable = true;
};
};
in
mkIf (cfg.enable)
{
assertions = let
cfg = config.elss.users;
in [
{
assertion = mutuallyExclusive cfg.users cfg.admins;
message = "elss.users.users and elss.users.admins are mutually exclusive";
}
{
assertion =
all (hash: hash != "")
(catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta));
message = "No admin without password";
}
{
assertion = length (cfg.admins) > 0;
message = "One admin needed at least";
}
];
users = {
mutableUsers = false;
users = mkMerge [
(mapAdmins mkAdmin)
(mapUsers mkUser)
];
};
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users = mkMerge [
(mapAllUsers mkX11User)
(mapAllUsers mkGitUser)
(mapAllUsersAndRoot (login:
mkMerge [
{config.home.stateVersion = mkDefault "21.11";}
(
if homeConfigurations ? "${login}"
then homeConfigurations."${login}"
else {}
)
]))
];
};
};
}
Reference in New Issue View Git Blame Copy Permalink