mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-03-19 07:54:28 +01:00
50 lines
1.2 KiB
Nix
50 lines
1.2 KiB
Nix
{ username, ... }:
|
||
|
||
{
|
||
nix.settings.trusted-users = [username];
|
||
|
||
users.groups = {
|
||
"${username}" = {};
|
||
docker = {};
|
||
wireshark = {};
|
||
};
|
||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||
users.users."${username}" = {
|
||
# the hashed password with salt is generated by run `mkpasswd`.
|
||
hashedPassword = "$y$j9T$YQu5vhlnogjDFDWp9QkPh0$Eu85OiwllqvLg5fzRVMLVHNO7InA3ro8grTJJIepyH1";
|
||
home = "/home/${username}";
|
||
isNormalUser = true;
|
||
description = username;
|
||
extraGroups = [
|
||
username
|
||
"users"
|
||
"networkmanager"
|
||
"wheel"
|
||
"docker"
|
||
"wireshark"
|
||
"adbusers"
|
||
"libvirtd"
|
||
];
|
||
openssh.authorizedKeys.keys = [
|
||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
|
||
];
|
||
};
|
||
|
||
# DO NOT promote the specified user to input password for `nix-store` and `nix-copy-closure`
|
||
security.sudo.extraRules = [
|
||
{
|
||
users = [username];
|
||
commands = [
|
||
{
|
||
command = "/run/current-system/sw/bin/nix-store";
|
||
options = ["NOPASSWD"];
|
||
}
|
||
{
|
||
command = "/run/current-system/sw/bin/nix-copy-closure";
|
||
options = ["NOPASSWD"];
|
||
}
|
||
];
|
||
}
|
||
];
|
||
}
|