mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-03-21 00:49:52 +01:00
52 lines
1.4 KiB
Nix
52 lines
1.4 KiB
Nix
{ username, ... }:
|
||
|
||
{
|
||
nix.settings.trusted-users = [username];
|
||
|
||
users.groups = {
|
||
"${username}" = {};
|
||
docker = {};
|
||
wireshark = {};
|
||
};
|
||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||
users.users."${username}" = {
|
||
# the hashed password with salt is generated by run `mkpasswd`.
|
||
hashedPassword = "$y$j9T$YQu5vhlnogjDFDWp9QkPh0$Eu85OiwllqvLg5fzRVMLVHNO7InA3ro8grTJJIepyH1";
|
||
home = "/home/${username}";
|
||
isNormalUser = true;
|
||
description = username;
|
||
extraGroups = [
|
||
username
|
||
"users"
|
||
"networkmanager"
|
||
"wheel"
|
||
"docker"
|
||
"wireshark"
|
||
"adbusers"
|
||
"libvirtd"
|
||
];
|
||
openssh.authorizedKeys.keys = [
|
||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
|
||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7PTkP3ixXTZlrJNSHnXgkmHNT+QslFi9wNYXOpVwGB ryan@harmonica"
|
||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3F3AH/vKnA2vxl72h67fcxhIK8l+7F/bdE1zmtwTVU ryan@romantic"
|
||
];
|
||
};
|
||
|
||
# DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
|
||
security.sudo.extraRules = [
|
||
{
|
||
users = [username];
|
||
commands = [
|
||
{
|
||
command = "/run/current-system/sw/bin/nix-store";
|
||
options = ["NOPASSWD"];
|
||
}
|
||
{
|
||
command = "/run/current-system/sw/bin/nix-copy-closure";
|
||
options = ["NOPASSWD"];
|
||
}
|
||
];
|
||
}
|
||
];
|
||
}
|