feat: simplify flake.nix

modules/nixos/user-group.nix

@@ -1,24 +1,24 @@
-{ ... }:
+{ username, ... }: 
 
 {
-  nix.settings.trusted-users = ["ryan"];
+  nix.settings.trusted-users = [username];
 
   users.groups = {
-    ryan = { };
-    docker = { };
-    wireshark = { };
+    "${username}" = {};
+    docker = {};
+    wireshark = {};
   };
   # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.ryan = {
+  users.users."${username}" = {
     # the hashed password with salt is generated by run `mkpasswd`.
     hashedPassword = "$y$j9T$YQu5vhlnogjDFDWp9QkPh0$Eu85OiwllqvLg5fzRVMLVHNO7InA3ro8grTJJIepyH1";
-    home = "/home/ryan";
+    home = "/home/${username}";
     isNormalUser = true;
-    description = "ryan";
-    extraGroups = [ 
-      "ryan" 
+    description = username;
+    extraGroups = [
+      username
       "users"
-      "networkmanager" 
+      "networkmanager"
       "wheel"
       "docker"
       "wireshark"
@@ -29,4 +29,21 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
     ];
   };
+
+  # DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
+  security.sudo.extraRules = [
+    {
+      users = [username];
+      commands = [
+        {
+          command = "/run/current-system/sw/bin/nix-store";
+          options = ["NOPASSWD"];
+        }
+        {
+          command = "/run/current-system/sw/bin/nix-copy-closure";
+          options = ["NOPASSWD"];
+        }
+      ];
+    }
+  ];
 }