From e2fac827bdab70bc4eee40fc54469645b4d64620 Mon Sep 17 00:00:00 2001
From: ahtlon <atlan@ahtlon.de>
Date: Sat, 1 Mar 2025 21:31:14 +0100
Subject: [PATCH] [user module] default enable users to prevent lockouts also,
 add admin to trusted users

---
 machines/modules/malobeo/users.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/machines/modules/malobeo/users.nix b/machines/modules/malobeo/users.nix
index 3982f28..543cdd7 100644
--- a/machines/modules/malobeo/users.nix
+++ b/machines/modules/malobeo/users.nix
@@ -5,8 +5,16 @@ let
 in
 {
   options.malobeo.users = {
-    malobeo = lib.mkEnableOption "enable malobeo user";
-    admin = lib.mkEnableOption "enable admin user";
+    malobeo = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable malobeo user, defaults to on";
+    };
+    admin = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "enable admin user, defaults to on to prevent lockouts";
+    };
   };
   config = lib.mkMerge [
     (lib.mkIf cfg.malobeo {
@@ -27,6 +35,7 @@ in
         extraGroups = [ "networkmanager" ];
       };
       environment.systemPackages = with pkgs; [];
+      nix.settings.trusted-users = [ "admin" ];
       security.sudo.extraRules = [
         {
           users = [ "admin" ];