From dfd8eb9c15915667f7dbc5073b1a13c63796dcc9 Mon Sep 17 00:00:00 2001
From: ahtlon
Date: Tue, 28 Jan 2025 11:58:38 +0100
Subject: [PATCH] Add malo user module
---
machines/modules/malobeo/users.nix | 54 ++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 machines/modules/malobeo/users.nix
diff --git a/machines/modules/malobeo/users.nix b/machines/modules/malobeo/users.nix
new file mode 100644
index 00000000..f57f8c20
--- /dev/null
+++ b/machines/modules/malobeo/users.nix
@@ -0,0 +1,54 @@
+{config, lib, pkgs, ...}:
+let
+ cfg = config.malobeo.users;
+ sshKeys = import ../ssh_keys.nix;
+in
+{
+ options.malobeo.users = {
+ malobeo = lib.mkEnableOption "enable malobeo user";
+ admin = lib.mkEnableOption "enable admin user";
+ };
+ config = lib.mkMerge [
+ (lib.mkIf cfg.malobeo {
+
+ users.users.malobeo = {
+ isNormalUser = true;
+ description = "malobeo user, password via sops -d ";
+ extraGroups = [ "pipewire" "pulse-access" "scanner" "lp" ];
+ openssh.authorizedKeys.keys = sshKeys.admins;
+ };
+ environment.systemPackages = with pkgs; [];
+ })
+ (lib.mkIf cfg.admin {
+ users.user.admin = {
+ isNormalUser = true;
+ description = "admin user, passwordless sudo access, only ssh";
+ hashedPassword = null;
+ extraGroups = [ "networkmanager" ];
+ };
+ environment.systemPackages = with pkgs; [];
+ security.sudo.extraRules = [
+ {
+ users = [ "admin" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+ })
+ {
+ users.mutableUsers = false;
+ environment.systemPackages = with pkgs; [
+ nix-output-monitor
+ vim
+ htop
+ wget
+ git
+ pciutils
+ ];
+ }
+ ];
+}
\ No newline at end of file
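Review bot: In the `cfg.admin` branch the account is declared under `users.user.admin`, but the NixOS option path is `users.users.<name>` (as used for malobeo a few lines up), so this should be `users.users.admin = {`; as written I would expect evaluation to fail on an unknown option. The same block sets `hashedPassword = null` and describes the account as "only ssh", yet no `openssh.authorizedKeys.keys` is assigned to admin, while `sshKeys.admins` is granted to the shared malobeo user instead. Together with `users.mutableUsers = false`, that appears to leave the passwordless-sudo account with no login method while every admin key opens a session as malobeo; if that is not intended, add `openssh.authorizedKeys.keys = sshKeys.admins;` to the admin block and reconsider the keys on malobeo. The malobeo description mentions a sops-managed password, but no `hashedPasswordFile` or similar is set in this module, so confirm it is wired up elsewhere.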