Add malo user module

2025-01-28 11:58:38 +01:00
parent 362d9cf488
commit dfd8eb9c15
1 changed files with 54 additions and 0 deletions
--- a/machines/modules/malobeo/users.nix
+++ b/machines/modules/malobeo/users.nix
@@ -0,0 +1,54 @@
+{config, lib, pkgs, ...}:
+let 
+  cfg = config.malobeo.users;
+  sshKeys = import ../ssh_keys.nix;
+in
+{
+  options.malobeo.users = {
+    malobeo = lib.mkEnableOption "enable malobeo user";
+    admin = lib.mkEnableOption "enable admin user";
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.malobeo {
+      
+      users.users.malobeo = {
+        isNormalUser = true;
+        description = "malobeo user, password via sops -d ";
+        extraGroups = [ "pipewire" "pulse-access" "scanner" "lp" ];
+        openssh.authorizedKeys.keys = sshKeys.admins;
+      };
+      environment.systemPackages = with pkgs; [];
+    })
+    (lib.mkIf cfg.admin {
+      users.user.admin = {
+        isNormalUser = true;
+        description = "admin user, passwordless sudo access, only ssh";
+        hashedPassword = null;
+        extraGroups = [ "networkmanager" ];
+      };
+      environment.systemPackages = with pkgs; [];
+      security.sudo.extraRules = [
+        {
+          users = [ "admin" ];
+          commands = [
+            {
+              command = "ALL";
+              options = [ "NOPASSWD" ];
+            }
+          ];
+        }
+      ];
+    })
+    {
+      users.mutableUsers = false;
+      environment.systemPackages = with pkgs; [
+        nix-output-monitor
+        vim
+        htop
+        wget
+        git
+        pciutils
+      ];
+    }
+  ];
+}